summaryrefslogtreecommitdiff
path: root/HISTORY
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2009-02-22 13:37:51 +0100
committerPierre Schmitz <pierre@archlinux.de>2009-02-22 13:37:51 +0100
commitb9b85843572bf283f48285001e276ba7e61b63f6 (patch)
tree4c6f4571552ada9ccfb4030481dcf77308f8b254 /HISTORY
parentd9a20acc4e789cca747ad360d87ee3f3e7aa58c1 (diff)
updated to MediaWiki 1.14.0
Diffstat (limited to 'HISTORY')
-rw-r--r--HISTORY651
1 files changed, 648 insertions, 3 deletions
diff --git a/HISTORY b/HISTORY
index 8e89f410..f9e3692a 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1,5 +1,650 @@
Change notes from older releases. For current info see RELEASE-NOTES.
+== MediaWiki 1.13 ==
+
+== Changes since 1.13.2 ==
+
+David Remahl of Apple's Product Security team has identified a number of
+security issues in previous releases of MediaWiki. Subsequent analysis by the
+MediaWiki development team expanded the scope of these vulnerabilities. The
+issues with a significant impact are as follows:
+
+* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
+ 1.13.2. [CVE-2008-5249]
+* A local script injection vulnerability affecting Internet Explorer clients for
+ all MediaWiki installations with uploads enabled. [CVE-2008-5250]
+* A local script injection vulnerability affecting clients with SVG scripting
+ capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
+ uploads enabled. [CVE-2008-5250]
+* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
+ installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
+
+XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
+authorised user's login session, and to act as that user on the wiki. The
+authorised user must visit a web page controlled by the attacker in order to
+activate the attack. Intranet wikis are vulnerable if the attacker can
+determine the intranet URL.
+
+Local script injection vulnerabilities are like XSS vulnerabilities, except
+that the attacker must have an account on the local wiki, and there is no
+external site involved. The attacker uploads a script to the wiki, which another
+user is tricked into executing, with the effect that the attacker is able to act
+as the privileged user.
+
+CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
+but unlike an XSS vulnerability, the attacker can only act as the user in a
+specific and restricted way. The present CSRF vulnerability allows pages to be
+edited, with forged revision histories. Like an XSS vulnerability, the
+authorised user must visit the malicious web page to activate the attack.
+
+These four vulnerabilities are all fixed in this release.
+
+David Remahl also reminded us of some security-related configuration issues:
+
+* By default, MediaWiki stores a backup of deleted images in the images/deleted
+ directory. If you do not want these images to be publically accessible, make
+ sure this directory is not accessible from the web. MediaWiki takes some steps
+ to avoid leaking these images, but these measures are not perfect.
+* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
+ errors. This is the default on most shared web hosts.
+* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
+ lead to path disclosure.
+
+Other changes in this release:
+
+* Avoid fatal error in profileinfo.php when not configured.
+* Add a .htaccess to deleted images directory for additional protection against
+ exposure of deleted files with known SHA-1 hashes on default installations.
+* Avoid streaming uploaded files to the user via index.php. This allows
+ security-conscious users to serve uploaded files via a different domain, and
+ thus client-side scripts executed from that domain cannot access the login
+ cookies. Affects Special:Undelete, img_auth.php and thumb.php.
+* When streaming files via index.php, use the MIME type detected from the
+ file extension, not from the data. This reduces the XSS attack surface.
+* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
+ XSS vulnerabilities involving uploads of files containing scripts.
+* Internationalisation updates.
+
+== Changes since 1.13.1 ==
+
+* Security: Work around misconfiguration by requiring strict comparisons for
+ in_array in User::isAllowed().
+* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
+ to use for LC_CTYPE during shell invocation. For servers that don't have
+ en_US.utf8. Also added locale detection during install.
+* Localisation updates
+* Security: Fixed XSS vulnerability in useskin parameter.
+
+== Changes since 1.13.0 ==
+
+* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
+ performance for installations without memcached.
+* (bug 13770) Fixed DOM module detection for installations with both dom
+ and domxml.
+* (bug 15148) Fixed Special:BlockIP for PostgreSQL
+* Fixed SQLite support for non-memcached installations
+* Localisation updates, Achinese (ace) added.
+
+== Changes since 1.13.0rc2 ==
+
+* (bug 13770) Fixed incorrect detection of PHP's DOM module
+* Fix regression from r37834: accesskey tooltip hint should be given for the
+ minor edit and watch labels on the edit page.
+* Updated Chinese simplified/traditional conversion tables
+
+== Changes since 1.13.0rc1 ==
+
+* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
+ has been $wgSearchForwardUrl.
+* (bug 14907) DatabasePostgres::fieldType now defined.
+* (bug 14966) Fix SearchEngineDummy class for silently non-functional search
+ on Sqlite instead of horribly fatal error breaky one.
+* (bug 14987) Only fix double redirects on page move when the checkbox is
+ checked
+* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return
+ address for page update notification mails.
+* API: Registration time of users registered before the DB field was created is now
+ shown as empty instead of the current time.
+* (bug 14904): fragments were lost when redirects were fixed.
+* Added magic word __STATICREDIRECT__ to suppress the redirect fixer
+* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
+ r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
+ both bundled with PHP and packaged with distros such as RHEL.
+* (bug 14944) Shell invocation of external programs such as ImageMagick convert
+ was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
+
+=== Configuration changes in 1.13 ===
+
+* New option $wgFeed can be set false to turn off syndication feeds
+* (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved
+ links through each redirect instead of hardcoded 500
+* Set $wgUploadSizeWarning to false by default
+* Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms
+* Removed $wgAlternateMaster, use $wgLBFactoryConf
+* (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to
+ $wgUserNotifiedOnAllChanges
+* (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated
+ for only some namespaces
+* Removed the emailconfirmed implicit group by default. To re-add it, use:
+ $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
+ in your LocalSettings.php.
+* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows
+ you to use a shared database with a different prefix. Or you can now use a local
+ database and use prefixes to separate wiki and the shared tables. And the new
+ $wgSharedTables variable allows you to specify a list of tables to share.
+* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
+* Duplicates of images are now shown on the image page
+* $wgRCFilterByAge allows for the list of dates in recent changes special pages to
+ be filtered to only those within the range of $wgRCMaxAge
+* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and limits
+ displayed on the recent changes special pages
+* The "createpage" permission is no longer required when uploading if the target
+ image page already exists
+* $wgMaximumMovedPages restricts the number of pages that can be moved at once
+ (default 100) with the new subpage-move functionality of Special:Movepage
+* Hooks display in Special:Version is now disabled by default, use
+ $wgSpecialVersionShowHooks = true; to enable it.
+* $wgActiveUserEditCount sets the number of edits that must be performed over
+ a certain number of days to be considered active
+* $wgActiveUserDays is that number of days
+* $wgRateLimitsExcludedGroups has been deprecated in favor of
+ $wgGroupPermissions[]['noratelimit']. The former still works, however.
+* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
+ subpages along with pages. Assigned to 'user' and 'sysop' by default.
+* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
+ Default: false
+* Removed $wgEnableCascadingProtection option. Disabling cascading protection
+ is no longer possible.
+* $wgMessageCacheType defines now the type of cache used by the MessageCache class,
+ previously it was choosen based on $wgParserCacheType
+* $wgExtensionAliasesFiles option to simplify adding aliases to special pages
+ provided by extensions, in a similar way to $wgExtensionMessagesFiles
+* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for
+ with MimeMagic.
+* Added $wgDirectoryMode, which allows for setting the default CHMOD value when
+ creating new directories.
+* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
+ current behavior.
+
+=== New features in 1.13 ===
+
+* __HIDDENCAT__ on a category page causes the category to be hidden on the
+ article page
+* Do not show edit permissions errors on a red link click, just redirect to the
+ article. This is so that readers who don't know what a red link is are not
+ confused when they are told they are range-blocked.
+* Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext
+ image syntax output
+* (bug 13100) Added 'preloadtitle' parameter to action=edit&section=new that
+ pre-fills the section title field
+* (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked
+* (bug 13130) Moved edit token and autosummary fields above edit tools to
+ reduce broken form submissions
+* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
+ redirects to the redirect table
+* Add links to page and file deletion forms to edit predefined delete reasons
+* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
+* (bug 2815) Search results for media now use thumbnail instead of text extract
+* When a page doesn't exist, the tab should say "create", not "edit"
+* (bug 12882) Added a span with class "patrollink" around "Mark as patrolled"
+ link on diffs
+* Magic word formatnum can now take raw suffix to undo formatting
+* Add updatelog table to reliably permit updates that don't change the schema
+* Add category table to allow better tracking of category membership counts
+** (bug 1212) Give correct membership counts on the pages of large categories
+** Use category table for more efficient display of Special:Categories
+* (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch
+* (bug 9447) Added hooks for search result headings
+* Image redirects are now enabled by default
+* (bug 13450) Email confirmation can now be canceled before the expiration
+* (bug 13490) Show upload/file size limit on upload form
+* Redesign of Special:UserRights
+* Make rev_deleted log entries more intelligible
+* (bug 6943) Added PAGESINCATEGORY: magic word
+* (bug 13604) Added Special:ListGroupRights
+* (bug 6332, 8617) Added message 'mainpage-description' as duplicate of
+ 'mainpage' and added it to message 'sidebar'
+* Automatically add old redirects to the redirect table when needed
+* (bug 6934) Allow inclusions, links, redirects to be separately toggled on or
+ off on Special:WhatLinksHere
+* Cache image redirects
+* (bug 10457) Organize Special:SpecialPages into sections
+* Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor
+ to modify the output for edit conflicts
+* Add class="nested" for <fieldset>s so fieldsets inside fieldsets get
+ a slightly less huge margin and padding
+* (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format
+* Allow \C and \Q as TeX commands to match \R, \N, \Z
+* On Special:UserRights, when you can add a group you can't remove or remove
+ one you can't add, a notice is printed to warn you
+* (bug 12698) Create PAGESIZE parser function, to return the size of a page
+* Allow the "log in / create account" link in the toolbar to have different
+ text from Special:UserLogin title (new message 'nav-login-createaccount')
+* Say "log in / create account" if an anonymous user can create an account,
+ otherwise just "log in", consistently across skins
+* Special:Shortpages and Special:Longpages now returns pages in all content
+ namespaces, not just NS_MAIN.
+* (bug 889) Improve conflict-handling between shared upload repository
+ and local one
+* Update documentation links in auto-generated LocalSettings.php
+* (bug 13584) The new hook SkinTemplateToolboxEnd was added.
+* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
+* Custom rollback summaries now accept the same arguments as the default message
+* (bug 12542) Added hooks for expansion of Special:Listusers
+* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
+* More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
+* (bug 13950) Allow users to watch the user/talk pages of users they block.
+* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
+* Show image links on Special:Whatlinkshere
+* Use rel="start", "prev", "next" appropriately on Pager-based pages
+* Add support for SQLite
+* AutoAuthenticate hook renamed to UserLoadFromSession
+* (bug 13232) importScript(), importStylesheet() funcs available to custom JS
+* (bug 13095) Search by first letters or digits in [[Special:Categories]]
+* Users moving a page can now move all subpages automatically as well
+* (bug 14259) Localisation message for upload button on Special:Import is now
+ 'import-upload' instead of 'upload'
+* Add information about user group membership to Special:Preferences
+* (bug 14146) Wrap usage section on imagepages into <div>s.
+* New layout for Special:Specialpages. Restricted pages are marked but not separated
+ from other pages in their group.
+* (bug 14263) Show a diff of the revert on rollback notification page.
+* (bug 13434) Show a warning when hash identical files exist
+* Sidebar is now cached for all languages
+* The User class now contains a public function called isActiveEditor. Figures
+ out if a user is active based on at least $wgActiveUserEditCount number of
+ edits in the last $wgActiveUserDays days.
+* SpecialSearchResults hook now passes results by reference, so they can be
+ changed by extensions.
+* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output of
+ external links.
+* (bug 14132) Allow user to disable bot edits from being output to UDP.
+* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
+* (bug 14558) New system message (emailuserfooter) is now added to the footer of
+ e-mails sent with Special:Emailuser
+* Add support for Hijri (Islamic) calendar
+* Add a new hook LinkerMakeExternalImage to allow extensions to modify the output
+ of external (hotlinked) images.
+* (bug 14604) Introduced the following features for the LanguageConverter:
+ Multi-tag support, single conversion flag, remove conversion flag on a single
+ page, description flag, variant name, multi-variant fallbacks.
+* Add zh-mo and zh-my variants for the zh language
+* (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that
+ are in Special:Recentchanges
+* Allow an $error message to be passed to ArticleDelete hook
+* Allow extensions to modify the user creation form by calling addInputItem();
+* Add meta generator tag to HTML output
+* MediawikiPerformAction hook is now passed the Mediawiki object
+* Added blank special page Special:BlankPage for benchmarking, etc.
+* Foreign repo file descriptions and thumbnails are now cached.
+* (bug 11732) Allow localisation of edit button images
+* Allow the search box, toolbox and languages box in the Monobook sidebar to be
+ moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
+ SEARCH, TOOLBOX and LANGUAGES
+* Add a new hook NormalizeMessageKey to allow extensions to replace messages before
+ the database is potentially queried
+* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
+* New date/time formats in Cs localization according to ČSN and PČP.
+* Special:Recentchangeslinked now includes changes to transcluded pages and
+ displayed images; also, the "Show changes to pages linked" checkbox now works on
+ category pages too, showing all links that are not categorizations
+* (bug 4578) Automatically fix redirects broken by a page move
+
+=== Bug fixes in 1.13 ===
+
+* (bug 10677) Add link to the file description page on the shared repository
+* (bug 13084) Increase size of source/destination filename fields in upload form
+* (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge
+* (bug 13140) Show parent categories in category namespace
+* (bug 13149) Correctly format 'fileexists' message on Upload page
+* Make the default filepageexists message accurate
+* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email
+* (bug 13022) Fix upload from URL on PHP 5.0.x
+* (bug 13132) Unable to unprotect pages protected with earlier versions of MediaWiki
+* (bug 12723) OpenSearch description name now uses more compact language code
+ to avoid passing the length limit as often, is customizable per site via
+ 'opensearch-desc' message.
+* (bug 13135) Special:Userrights now passes IDs through form submission
+ to allow functionality on not-quite-right usernames
+* (bug 12575) Prevent duplicate patrol log entries from being created
+* (bug 13174) __HIDDENCAT__ now applies only to category pages
+* (bug 13031) Add links to user pages in e-mail form
+* (bug 13147) Description for categoriespagetext (used in Special:Categories) reworded
+* (bug 11561) Fix fatal error when calling action=revert to non-image page
+* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in
+ maintenance/cleanupSpam.php
+* All skins should have the "mediawiki" class on the body element
+* (bug 13019) Message cache for some extensions not loaded at time of editing
+* (bug 13247) Prettified ISBN links
+* maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option
+* (bug 13110) Don't show "Permission error" page if the edit is already rolled
+ back when using rollback
+* (bug 13012) Use content messages for block options when generating the
+ recentchanges entry
+* (bug 13274) Change links for messages to ucfirst
+* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator,
+ autocomment-prefix)
+* Parse MediaWiki message translations with a correct language setting on preview
+* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as
+ case-insensitive names.
+* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc
+* (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy.
+* (bug 10721) Duplicate section anchors with differing case now disambiguated
+ for Internet Explorer's sake and standards compliance
+* (bug 13298) Tighter limits on Special:Newpages limits when embedding
+* Email subject in content language instead of sending user's UI language
+* (bug 13251) Allow maintenance rebuild scripts to work with Postgres
+* (bug 2084) Fixed incorrect regex to match redirects
+* (bug 3131) Manually-specified upload destination filename is no longer
+ overwritten by browsing for a file after you wrote it.
+* (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class
+ 'generated-sidebar'.
+* (bug 13265) Media handler is missing 'image/x-bmp'
+* (bug 13407) MediaWiki:Powersearch is used in two places
+* (bug 13403) Fix cache invalidation of history pages when old revisions change
+* (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL
+* (bug 12801) Fix link in subtitle message in AJAX search
+* (bug 13428) Fix regression in protection form layout HTML validity
+* (bug 9403) Sanitize newlines from search term input
+* (bug 13429) Separate date and time in message sp-newimages-showfrom
+* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
+ so groups may optionally edit protected pages without having 'protect' perms
+* Disallow deletion of big pages by means of moving a page to its title and
+ using the "delete and move" option.
+* (bug 13466, 13632) White space differences not shown in diffs
+* (bug 1953) Search form now honors namespace selections more reliably
+* (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility
+* PHP 5.3 compatibility fix for wfRunHooks() called with no parameters
+* (bug 6447) Trackbacks now work with transactional tables, if enabled
+* (bug 6892, 7147) Trackback error handling, optional fields more robust
+* (bug 6813) Don't break HTML validator when using trackbacks
+* Fix for size checks on SVG images with global 'stroke-width' attribute
+* (bug 11874) Inline CSS with !important no longer borken
+* (bug 1600) Strip extra == section markup == in new-comment field
+* (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely
+* (bug 12077) Fix HTML nesting for TOC
+* (bug 344) Purge cache for talk/article pages when deleting the other tab
+* (bug 13436) Treat image captions correctly when they include option keywords
+ (like ending with "px" or starting with "upright")
+* Trackback display formatting fixed
+* Don't die when single-element arrays are passed to SQL query constructors
+ that have an array index other than 0
+* (bug 13522) Fix fatal error in Parser::extractTagsAndParams
+* (bug 13532) Use proper timestamp call when reverting images
+* (bug 13543) Updated FAQ link in the installer sidebar
+* (bug 13540) Date format in confirmation e-mail now matches message language
+* (bug 13554) PHP Notice in old pre-processor when list item is empty.
+* (bug 13556) Don't show a blank form if no image is attached in Special:Upload
+* (bug 13576) maintenance/rebuildrecentchanges.php fails
+* (bug 13441) Allow Special:Recentchanges to show bots only
+* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml
+* (bug 13463) Login successful page doesn't use user's preferred interface language
+* (bug 13630) Fixed warnings for pass by reference at call time in
+ Special:Revisiondelete when generating the log entry.
+* (bug 12064) BeforePageDisplay hook is now called for all skins
+* (bug 13624) Fix regression with manual thumb= parameter on images
+* (bug 11039) Add missing labels on protection form
+* (bug 13458) Preview/edit toolbar spacing now works consistently
+* (bug 13433) Fix action=render on Image: pages
+* (bug 13678) Fix CSS validation for Monobook
+* (bug 13684) Links in Special:ListGroupRights should be in content language
+* (bug 13690) Fix PHP notice on accessing some URLs
+* Hide (undo) link if user isn't able to edit page
+* Invalidate cache of pages that includes images via redirects on upload
+* (bug 13705) Don't show rollback link in page history on incorrect revisions
+* (bug 13708) Don't set "Search results" title when loading Special:Search
+ without query
+* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existant IP addresses
+* (bug 13728) Don't trim initial whitespace during section edits
+* (bug 13727) Don't delete log entries from recentchanges on page deletion
+* (bug 13752) Redirects to sections now work again
+* (bug 13725) Upload form watch checkbox state set correctly with wpDestFile
+* (bug 13756) Don't show the form and navigation links of Special:Newpages if
+ the page is included
+* When hiding things on WhatLinksHere, generated URLs should hide them too
+* Properly escape search terms with regex chars so they appear highlighted in
+ search results
+* (bug 13768) pt_title field encoding fixed
+* Do not display empty columns on Special:UserRights if all groups are
+ changeable or all unchangeable
+* Fix fatal error on calling PAGESINCATEGORY with invalid category name
+* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of before
+* (bug 13796) Show links to parent pages even if some of them are missing
+* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere
+* (bug 13822) Fatal error on some pages when calculating subpage subtitle
+* (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins
+* Added 'application/x-dia-diagram' MediaWiki's known MIME types
+* (bug 13866) skins/common/shared.css - invalid attribute fixing
+* Hide edit section links on Special:Undelete
+* (bug 13860) Fix "Justify paragraphs" option for Modern skin
+* (bug 13168) accessibility links in Modern skin link to wrong anchor id
+* (bug 13185) No line break after 'subpages' class in Modern skin
+* (bug 13583) No "poweredby" in Modern skin
+* (bug 13880) "Printable" link in Modern skin now formats as print mode
+* (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels
+* (bug 13891) Show categories box even if all categories are hidden and user has
+ "show hidden categories" option on
+* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php
+* (bug 13913) Special:Whatlinkshere now has correct HTML markup
+* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
+* (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages
+* (bug 13924) Fix bad HTML on power search form
+* (bug 13820) Fix updater for rev_parent_id population
+* (bug 13925) Fix bad HTML on search results list
+* (bug 13934) Fixing the link to GNU General Public License Version 2
+* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-)
+* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML
+* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module errors
+* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled
+* (bug 13615) Update case mappings and normalization to Unicode 5.1.0
+ Note that case mappings will only be used if mbstring extension is not present.
+* (bug 14044) Don't increment page view counters on views from bot users
+* (bug 14042) Calling Database::limitResult() misplaced the comment in the log file
+* (bug 14047) Fix regression in installer which hid DB-specific options
+ Also makes SQLite path configurable in the installer.
+* (bug 13546) Follow image redirects on image page
+* (bug 12644) Template list on edit page now sorted on preview
+* (bug 14058) Support pipe trick for namespaces and interwikis with "-"
+* Message name filter on Special:Allmessages now case-insensitive
+* (bug 13943) Fix image redirect behaviour on image pages
+* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation
+* (bug 14063) Power search form missing <label> for redirects check
+* (bug 14111) Similar filename warning links now lead to correct page
+* (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers
+* (bug 13693) Categories sometimes claim to have a negative number of members
+* (bug 1701) Korean Hangul syllables now broken down properly in Category lists
+ even if the wiki's overall content language is not Korean
+* (bug 12773) addOnloadHook() now calls functions immediately when scripts are
+ loaded after the primary page completion, instead of dropping them
+* (bug 14199) Fix deletion form for image redirect pages
+* (bug 14220) Disabling $wgCheckFileExtensions now works without also
+ disabling $wgStrictFileExtensions
+* (bug 14241) Pages can no longer be protected to levels you are not in
+* (bug 14296) Fix local name of ang: (Anglo-Saxon)
+* (bug 4871) Hardcoded superscript in time zone preferences moved to message
+* (bug 6957) E-mail confirmation links now using English special page name
+ for better compatibility and keeping the links shorter. Avoids problem
+ with corrupt links in Gmail on IE 6.
+* (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror
+* (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ
+ and I to ı
+* (bug 13826) MediaWiki:Defaultns accepts Wikicode
+* (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit
+ set to true
+* (bug 13034) Interwiki pages can now be reached using Go search button
+* (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias
+* (bug 14370) When a grouppage-x message does not exist the entry on the
+ ListGroupRights special page now links to the project namespace page for it,
+ not the main namespace page.
+* (bug 11659) Urldecode image names in galleries
+* (bug 14258, 14368) Fix for subpage renames in replication environments
+* (bug 14367) Failed block no longer adds phantom watchlist entry
+* (bug 14385) "Move subpages" option no longer tries to move to invalid titles
+* (bug 14386) Fix subpage namespace oddity when moving a talk page
+* (bug 11771) Signup form now not shown if in read-only mode.
+* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
+ $wgGroupPermissions[]['noratelimit'].
+* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
+ and $2 (=revision numbers)
+* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
+* (bug 14432) Fix notice regression in Special:Newpages feed mode
+* (bug 11951) EditPage::getEditToolbar() is now static.
+* (bug 14392) Fix regression breaking table prefix in installer
+* (bug 11084) $wgDBprefix replacement for updater SQL will now work for
+ extension tables using uppercase letters or digits in their names.
+* (bug 12311) Fix regression with lists at start of undeletion preview
+* (bug 14496) Fix regression with parseinline on Special:Upload.
+* We no longer just give up on a missing upload base directory; it's now
+ created automatically if we have sufficient permissions!
+* (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper
+* (bug 14497) Throw visible errors in installer scripts when SQL files
+ fail due to database permission or other error
+* (bug 14500) Site feed (Recentchanges) no longer shows up on the actual
+ recent changes page.
+* (bug 14511) MediaWiki:Delete-legend is no longer double escaped
+* Generate correct section anchors for numeric headers
+* (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins
+* (bug 14551) Cancel upload no longer automatically suppresses warnings
+* (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls
+* (bug 4977) Fix for possible squid purging errors when using HTTP purges
+ and multiple servers
+* (bug 14572) Redirects listed on file links on image pages no longer redirect.
+* (bug 14537) Change interwiki name for Old Church Slavonic (cu)
+* (bug 14583) Fix regression in recent changes "limit to certain categories."
+* (bug 14515) HTML nesting cleanup on edit form
+* (bug 14647) Removed unused 'townBox' CSS classes
+* (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should.
+* OpenSearch cleanup; Firefox now sends you to the search page for empty
+ searches instead of the domain root (which may not even be a wiki).
+* (bug 3481) Pages moved shortly after creation are shown at their new title
+ on Special:Newpages.
+* (bug 12716) Trying to unprotect a title that isn't protected no longer
+ generates a log entry.
+* (bug 14088) Excessively long block expiry times are rejected as invalid,
+ keeps the log page from being distorted.
+* (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend.
+* (bug 14646) Fix some double-escaping of HTML in feed output
+* (bug 14709) Fix login success message formatting when using cookie check
+* (bug 14710) Remove "donate" link from default sidebar
+* (bug 14745) Image moving works on sites that transform thumbnails via 404
+* (bug 2186) Document.write() in wikibits caused failures when using
+ application/xhtml+xml. The calls to this have been removed.
+* (bug 14764) Fix regression in from Article::lastModified(), failed to work
+ on non-mySQL schemas.
+* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
+ had stict standards issues with setFakeSlaveLag() and setFakeMaster().
+* (bug 451) Improve the phrase mappings of the Chinese converter arrays.
+* (bug 12487) Rights log is not fully internationalized
+* (bug 10837) Language variants no longer override other languages than base
+* (bug 14778) 'limit' parameter now applies to history feeds as well as
+ history pages
+* (bug 14845) Bug in prefs javascript: Calling an array item without checking
+ its existance.
+* Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3
+* (bug 12384) Comments in maintenance/*php
+* (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring
+ a trailing slash.
+* (bug 12568) configuration script now produce valid XHTML.
+* The accesskey to edit a page is now disabled when editing the page, to pre-
+ vent conflicts with Safari shortcuts.
+
+=== API changes in 1.13 ===
+
+* Fixing main page display in meta=siteinfo
+* (bug 13128) Added patrolled flag to list=recentchanges
+* Implemented {bl,ei,iu}redirect (lists links through redirects as well)
+* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces
+* (bug 13157) Added ucuserprefix parameter to list=usercontibs
+* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid
+ retrieval easier
+* (bug 13218) Fix inclusion of " character in hyperlinks
+* Added watch and unwatch parameters to action=delete and action=move
+* Added action=edit
+* (bug 11401) Added xmldoublequote to xml formatter
+* Added rvsection parameter to prop=revisions to allow fetching the content of
+ a certain section only
+* Introduced list=allimages
+* (bug 13371) Build page set from image hashes
+* Mark non-existent messages in meta=allmessages as missing
+* (bug 13390) One invalid title no longer kills an entire API query
+* (bug 13419) Fix gblredirect so it actually works
+* (bug 13418) Disable eiredirect because it's useless
+* (bug 13395) list=allcategories should use category table
+* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
+ handled properly.
+* (bug 13444) Add description to list=watchlist
+* (bug 13482) Disabled search types handled properly
+* Added inprop=talkid,subjectid to prop=info
+* Added help text message that specifies whether a module is POST-only
+* Added createonly parameter to action=edit
+* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
+* (bug 11719) Remove trailing blanks in YAML output.
+* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
+* Added fallback8bitEncoding and readonly fields to
+ meta=siteinfo&siprop=general output
+* (bug 13544) Added prop=revid to action=parse
+* (bug 13603) Added siprop=usergroups to meta=siteinfo
+* Cleaned up redirect resolution
+* Added possibility to obtain all external links through list=exturlusage
+* (bug 13606) Added archivename to iiprop
+* (bug 11633) Explicitly convert redirect titles to strings due to PHP's
+ very weak typing on array keys.
+* (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9
+* (bug 11673) Return error 'unknown_action' in specified format
+* (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges
+* (bug 13544) Added oldid parameter to action=parse to allow for parsing of old
+ revisions
+* (bug 13718) Return the proper continue parameter for cmsort=timestamp
+* action=login now returns the correct waiting time in the details property
+* (bug 13792) Broken titles are now silently skipped in search results.
+* (bug 13819) exturlusage paging skipped an item
+* Fixed handling of usernames containing spaces in list=block
+* (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with
+ format=xml
+* (bug 13735) Added prop=categoryinfo module
+* (bug 13945) Retrieve cascading protection sources via inprop=protection
+* (bug 13965) Hardcoded 51 limit on titles is too limiting
+* (bug 13993) apfrom doesn't work with apdir=descending
+* (bug 14018) Introduced alcontinue to list=alllinks to improve paging
+* (bug 14013) Added rcshow=patrolled to list=recentchanges
+* (bug 14028) Added language attribute to interwiki map in meta=siteinfo
+* (bug 14022) Added usprop=registration and auprop=blockinfo
+* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
+ for ages)
+* (bug 13829) Expose parse tree via action=expandtemplates
+* (bug 13606) Allow deletion of images
+* Added iiprop=mime and aiprop=metadata
+* Handled unrecognized values for parameters more gracefully
+* Handled requesting disallowed tokens more gracefully
+* (bug 14140) URL-encoded page titles are now decoded in edit summaries
+* (bug 14243) Only accept post requests in action=edit; patch by HardDisk
+* action=block now returns an ISO8601 timestamp, like all other modules do
+* Added md5 parameter to action=edit
+* (bug 14335) Logging in to unified account using API not possible
+* Added action=emailuser to send an email to a user
+* (bug 14471) Use HTMLTidy and generate limit report in action=parse
+* (bug 14459) Added prependtext and appendtext parameters to action=edit
+* (bug 14526) Unescaped SQL in list=backlinks
+* Added 'hidden' flag to list=allcategories and prop=categoryinfo output
+* Added nocreate parameter to action=edit
+* (bug 14402) Added maxage and smaxage parameters to api.php
+* Added bkip parameter to list=blocks
+* (bug 14651) apprefix and similar parameters are now canonicalized
+* Added clprop=timestamp to prop=categories
+* (bug 14678) API errors now respects $wgShowExceptionDetails and
+ $wgShowSQLErrors
+* (bug 14723) Added time zone and writing direction to meta=siteinfo
+* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
+ can add their own tokens
+* Added block and unblock tokens to prop=info as well
+* Added paging (limit and continue parameters) to
+ prop={links,templatelinks,langlinks,extlinks,categories,images}
+* Added flag "top" to list=usercontribs if the user is the last contributor to
+ the page
+* list=exturlusage in "list all links" mode can now filter by protocol
+
+
+
== MediaWiki 1.12 ==
This is the Winter 2007 quarterly release.
@@ -30,7 +675,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
remove the groups specified in $wgAddGroups and $wgRemoveGroups for
any groups they are in.
* New permission userrights-interwiki for changing user rights on foreign wikis.
-* $wgImplictGroups for groups that are hidden from Special:Listusers, etc.
+* $wgImplicitGroups for groups that are hidden from Special:Listusers, etc.
* $wgAutopromote: automatically promote users who match specified criteria
* $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove
themselves from specified groups via Special:Userrights.
@@ -2511,7 +3156,7 @@ they will be run along with the main tests by maintenance/parserTests.php
* (bug 6701) Kazakh language variants in MessagesEn.php
* (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy
* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby' with 'lastmodifiedatby'
- with seperated parameters for date and time to allow better localisation. Updated all message files
+ with separated parameters for date and time to allow better localisation. Updated all message files
to display the old format for compatibility.
* (bug 7357) Make supposedly static methods of Skin actually static
* Added info text to Special:Deadendpages and Special:Lonelypages
@@ -4584,7 +5229,7 @@ Various bugfixes, small features, and a few experimental things:
* Fixed a bug in Special:Contributions that caused the namespace selection to
be forgotten between submits
* Special:Watchlist/edit now has namespace subheadings
-* (bug 1714) the "Save page" button now has right margin to seperate it from
+* (bug 1714) the "Save page" button now has right margin to separate it from
"Show preview" and "Show changes"
* Special:Statistics now supports action=raw, useful for bots designed to
harwest e.g. article counts from multiple wikis.