From 63601400e476c6cf43d985f3e7b9864681695ed4 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Fri, 18 Jan 2013 16:46:04 +0100 Subject: Update to MediaWiki 1.20.2 this update includes: * adjusted Arch Linux skin * updated FluxBBAuthPlugin * patch for https://bugzilla.wikimedia.org/show_bug.cgi?id=44024 --- RELEASE-NOTES-1.20 | 447 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 447 insertions(+) create mode 100644 RELEASE-NOTES-1.20 (limited to 'RELEASE-NOTES-1.20') diff --git a/RELEASE-NOTES-1.20 b/RELEASE-NOTES-1.20 new file mode 100644 index 00000000..17c3ba2e --- /dev/null +++ b/RELEASE-NOTES-1.20 @@ -0,0 +1,447 @@ += MediaWiki release notes = + +Security reminder: MediaWiki does not require PHP's register_globals +setting since version 1.2.0. If you have it on, turn it '''off''' if you can. + + +== MediaWiki 1.20.2 == + +This is a maintenance release of the MediaWiki 1.20 branch + +=== Changes since 1.20.1 === +* (bug 42638) Fix API action=options&reset=1 & unit tests. +* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites. + +== MediaWiki 1.20.1 == + +This is a security release of the MediaWiki 1.20 branch + +=== Changes since 1.20 === +* (bug 42202) Validate options to prevent html injection +* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391) +* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit +* Javscript Lint fixes +* (bug 40632) Remove CleanupPresentationalAttributes feature +* [Database] Fixed case where trx idle callbacks might be lost. + +== MediaWiki 1.20 == + +MediaWiki 1.20 is a stable release. + +=== PHP 5.3 now required === +Since 1.20, the lowest supported version of PHP is now 5.3.2. Please +upgrade PHP if you have not done so prior to upgrading MediaWiki. + +=== Configuration changes in 1.20 === +* $wgGitRepositoryViewers defines a mapping from Git remote repository to the + Gitweb instance URL used in Special:Version. +* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on servers + using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts + path info from REQUEST_URI if it's available. +* The user right 'upload_by_url' is no longer given to sysops by default. + This only affects installations which have $wgAllowCopyUploads set to true. +* Removed f-prot support from $wgAntivirusSetup. +* New variable $wgDBerrorLogTZ to provide dates in the error log in a + different timezone than the wiki timezone set by $wgLocaltimezone. +* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database + connections, if either are available for the selected DB type. +* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate + login and create account links by default. + +=== New features in 1.20 === +* Added TitleIsAlwaysKnown hook which gets called when determining if a page exists. +* Added NamespaceIsMovable hook which gets called when determining if pages in a + certain namespace can be moved. +* Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute. +* Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute. +* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of + database interaction. +* Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes. +* (bug 32341) Add upload by URL domain limitation. +* &useskin=default will now always display the default skin. Useful for users with a + preference for the non-default skin to look at something using the default skin. +* (bug 27619) Remove preference option to display broken links as link? +* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17). +* (bug 34302) Add CSS classes to email fields in user preferences. +* Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only). +* (bug 23795) Add parser itself to ParserMakeImageParams hook. +* Introduce a cryptographic random number generator source api for use when + generating various tokens. +* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects. +* (bug 18062) New message when edit or create the local page of a shared file. +* (bug 22870) Separate interface message when creating a page. +* (bug 17615) nosummary option should be reassigned on preview/captcha. +* (bug 34355) Add a variable and parser function for the namespace number. +* (bug 35649) Special:Version now shows hashes of extensions checked out from git. +* (bug 35728) Git revisions are now linked on Special:Version. +* "Show Changes" on default messages shows now diff against default message text +* (bug 23006) create #speciale parser function. +* generateSitemap can now optionally skip redirect pages. +* (bug 27757) New API command just for retrieving tokens (not page-based). +* Added GitViewers hook for extensions using external git repositories to have a web-based + repository viewer linked to from Special:Version. +* Memcached debug logs can now be sent to their own file logs by setting + $wgDebugLogFile['memcached'] to some filepath. +* (bug 35685) api.php URL and other entry point URLs are now listed on + Special:Version +* Edit notices can now be translated. +* jQuery upgraded to 1.8.2. +* jQuery UI upgraded to 1.8.23. +* QUnit upgraded from v1.2.0 to v1.10.0. +* (bug 37604) jquery.cookie upgraded to 2011 version. +* (bug 22887) Add warning and tracking category for preprocessor errors +* (bug 31704) Allow selection of associated namespace on the watchlist +* (bug 5445) Now remove autoblocks when a user is unblocked. +* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception + backtraces. +* Added device detection for determining device capabilities. +* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function. + Arguments signature has changed. First arguments is now an options object of which + 'config' can be a property. Previously 'config' itself was the first and only argument. +* New getCreator and getOldestRevision methods added to WikiPage class +* (bug 4220) the XML dump format schema now have unique identity constraints + for page and revision identifiers. Patch by Elvis Stansvik. +* cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking + them. +* Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword +* Added new function getDomain to AuthPlugin for getting a user's domain +* (bug 23427) New magic word {{PAGEID}} which gives the current page ID. + Will be null on previewing a page being created. +* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever + a user is not logged in. +* Watched status in changes lists are no longer indicated by + tags with class "mw-watched". Instead, each line now has a class + "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the + title itself is surrounded by tags with class "mw-title". +* Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs +* Added new hook ParserAfterParse to allow extensions to affect parsed output + after the parse is complete but before block level processing, link holder + replacement, and so on. +* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's + internalParse method just before the parser removes unwanted/dangerous HTML tags. +* Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent + to the client. +* (bug 36783) Implement jQuery Promise interface in mediawiki.api module. +* Make dates in sortable tables sort according to the page content language + instead of the site content language +* (bug 37926) Deleterevision will no longer allow users to delete log entries, + the new deletelogentry permission is required for this. +* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files' + and 'subcats' +* (bug 38362) Make Special:Listuser includeable on wiki pages. +* Added support in jquery.localize for placeholder attributes. +* (bug 38151) Implemented mw.user.getRights for getting and caching the current + user's user rights. +* Session storage can now configured independently of general object cache + storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been + renamed to $wgSessionsInObjectCache, with the old name retained for backwards + compatibility. When this feature is enabled, the expiry time can now be + configured with $wgObjectCacheSessionExpiry. +* Added a Redis client for object caching. +* Implemented mw.user.getGroups for getting and caching user groups. +* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password + confirmation is required for changing an email address or not. +* HTMLForm mutators can now be chained (they return $this) +* A new message, "api-error-filetype-banned-type", is available for formatting + API upload errors due to the file extension blacklist. +* New hook 'ParserTestGlobals' allows to set globals before running parser tests. +* Allow importing pages as subpage. +* Add lang and hreflang attributes to language links on Login page. +* (bug 22749) Create Special:MostInterwikis. +* Show change tags when transclude Special:Recentchanges(linked) or Special:Newpages. +* (bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag. +* (bug 39431) SVG animated status is now shown in long description. +* (bug 39376) jquery.form upgraded to 3.14. +* SVG files will now show the actual width in the SVG's specified units + in the metadata box. +* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/). +* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview. +* Added ResourceLoader module "jquery.badge". +* mw.util.$content now points to the overall content area in the skin rather than just + page text content area. If you need the old behaviour please use $( '#mw-content-text'). +* jsMessage has been replaced with a floating bubble notification system complete + with auto-hide, multi-message support, and message replacement tags. +* jquery.messageBox which appears to be unused by both core and extensions has + been removed. +* (bug 34939) Made link parsing insensitive ([HttP://]). +* (bug 40072) Add CSS classes to items in output of ChangesList pages. +* Added $wgCopyUploadProxy global to define which proxy to use for copy + uploads. +* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module, + mediawiki.searchSuggest, based on SimpleSeach from Extension:Vector. + +=== Known issues in 1.20.0 === +These are issues that we're targeting to be fixed in a later release +in the 1.20 series. Issues may be added or removed from this list as +we see fit. For now, it is comprised of those bugs on the 1.20.0 +milestone in Bugzilla. + +* (bug 35894): Reports of secret key generation "hanging" on windows + This is probably a bug that has been fixed in PHP. If you run + into this, try upgrading your PHP. +* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on line 416 + We think this is a problem in some extension. If you see this, + try disabling your extensions and check out the logging patch on + this bug. Or try this patch: + +* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of the focussed textarea) + This should only be an issue if you are using the ProofreadPage + extension. +* (bug 40641): Clicking "others" in Special:Version asks to download a file + If you encounter this, you can tell your webserver to serve the + CREDITS file with text/plain MIME type to fix it. + +=== Bug fixes in 1.20 === +* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() on a non-object +* (bug 40780): searchsuggest-containing line ("containing...") doesn't include the entered text +* (bug 37714): [Regression] Incomplete log entries +* (bug 27202): API: Add timestamp sort to list=allimages +* (bug 30245) Use the correct way to construct a log page title. +* (bug 34237) Regenerate an empty user_token and save to the database + when we try to set the user's cookies for login. +* (bug 32210) New edit emails for watched pages always provide a link to the + edit which triggered the mail. +* (bug 12021) Added user talk link on Special:Listusers. +* (bug 34445) section edit and TOC hide/show links are excluded from selection and + copy/paste on supporting browsers. +* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob + history compression method. +* (bug 34702) Localised parentheses are now used in more special pages. +* (bug 34723) When editing a script page on a RTL wiki the textbox should be LTR. +* (bug 34762) Calling close() on a DatabaseBase object now clears the connection. +* (bug 34863) Show deletion log extract on non-existent file pages if applicable. +* (bug 28019) Let ?preloadtitle=foo be passed on to target of + Special:MyPage and Special:MyTalk. +* (bug 34929) Show the correct diff when a section edit is rejected by the spam + filter. +* (bug 15816) Add a switch for SETting the search_path (Postgres). +* (bug 34521) Returning to the previous page after logging in loses any array- + valued parameters in the query string. +* (bug 34735) Updated compressOld.php documentation to mention the different + usages of -s and -n parameters depending on compression type. +* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists. +* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when. + trying to defer foreign key for externallinks. +* (bug 32748) Printer friendly version of article decode Unicode chars as a + pretty IRI in footer. +* Removed white border around thumbnails in galleries. +* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in + an RTL environment. +* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of + Subversion when invoked with the --modified option. +* (bug 35069) On history pages, the " . . " separator after the number of + characters changed in a revision is now suppressed if no text would follow. +* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at RecentChanges +* (bug 33564) transwiki import sometimes result in invalid title. +* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB structure +* (bug 31757) Add a word-separator between help-messages in HTMLForm +* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error. +* (bug 32604) Some messages needs escaping of wikitext inside username. +* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with wfCgiToArray. +* (bug 25946) The message on the top of Special:RecentChanges is now displayed. + in user language instead of content language. +* (bug 35264) Wrong type used for in export.xsd +* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people + who don't have access to /tmp can specify an alternative. +* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions. +* (bug 35727) mw.Api ajax() should put token parameter last. +* (bug 37708) mw.Uri.clone() should make a deep copy. +* (bug 38024) ResourceLoader should not create empty stylesheets for modules + that don't have stylesheets. +* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group + having the "bot" user right, instead of just the default "bot" user group. +* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple
    tags. +* (bug 36991) jquery.tablesorter should extract date sort format from date + string instead of global config. Dates like "April 1 2012" and "1 April 2012" + now sort correctly regardless of the content language's DefaultDateFormat. +* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready + handler that is bound before mediawiki.js's handler (e.g. browser-userscripts + like greasemonkey). +* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live + values are used instead of just the fixed values from when the tablesorter + was initialized. +* (bug 38093) Gender of changed user groups missing in Special:Log/rights +* (bug 35893) Special:Block needs to load mediawiki.special.block.js. +* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox +* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use + insecure links to foreign wikis in the WikiMap. +* (bug 36073) Avoid duplicate element IDs on File pages. +* (bug 25095) Special:Categories should also include the first relevant item + when "from" is filled. +* (bug 35526) jquery.tablesorter now uses a stable sort. +* (bug 38953) --memory-limit switch not working for runJobs.php. +* (bug 33037) Make subpage of Special:newfiles control how many files + are returned, like in previous versions. +* (bug 36524) "Show" options on Special:RecentChanges and Special:RecentChangesLinked + are now remembered between successive clicks. +* (bug 26069) Page title is no longer "Error" for all error pages. +* (bug 39297) Show warning if thumbnail of animated image will not be animated. +* (bug 38249) Parser will throw an exception instead of outputting gibberish if + PCRE is compiled without support for unicode properties. +* (bug 30390) Suggested file name on Special:Upload should not contain + illegal characters. +* EXIF below sea level GPS altitude data is now shown correctly. +* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a currency. +* (bug 39273) "Show changes" should not be incorrectly displayed in the Live Preview state. +* Made body-content lang attribute honor the variant language when it is set. +* (bug 36761) "Mark pages as visited" now submits previously established filter options. +* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error. +* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" prefix. +* (bug 32552) Drop unused database field cat_hidden from table category. +* (bug 40214) Category pages no longer use deprecated "width" HTML attribute. +* (bug 39941) Add missing stylesheets to the installer pages +* In HTML5 mode, allow new input element types values (such as color, range..) +* (bug 36151) mw.Title: Don't limit extension in title parsing. +* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being enforced. +* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other than + basic per-char typing. +* (bug 34495) patrol log now credit the user patrolling (instead of patrolled + user). +* (bug 31676) ResourceLoader should work around IE stylesheet limit. +* (bug 40498) ResourceLoader should not output an empty "@media print { }" block. +* (bug 40500) ResourceLoader should not ignore media-type for urls in debug mode. +* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space + for pages from the MediaWiki-namespace. +* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature. + +=== API changes in 1.20 === +* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API. +* (bug 34313) MediaWiki API intro message about "HTML format" should mention + the format parameter. +* (bug 32384) Allow descending order for list=watchlistraw. +* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is + not documented in API help. +* (bug 32492) API now allows editing using pageid. +* (bug 32497) API now allows changing of protection level using pageid. +* (bug 32498) API now allows comparing pages using pageids. +* (bug 30975) API import of pages with invalid characters in this wiki leads to Fatal Error. +* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per pageid. +* (bug 34927) Output media_type for list=filearchive. +* (bug 28814) add properties to output of action=parse. +* (bug 33224) add variants of content language to meta=siteinfo. +* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit is reached. +* The paraminfo module now also contains result properties for most modules. +* (bug 32348) Allow descending order for list=alllinks. +* (bug 31777) Upload unknown error ``fileexists-forbidden''. +* (bug 32382) Allow descending order for list=iwbacklinks. +* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and list=imageusage. +* (bug 32383) Allow descending order for list=langbacklinks. +* API meta=siteinfo can now return the list of known variable IDs. +* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode (mode #3). +* (bug 29290) API avoids mangling fields in continuation parameters +* (bug 36987) API avoids mangling fields in continuation parameters +* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent special pages +* (bug 38190) Add "required" flag to some token params for hint in api docs. +* (bug 27567) Add file repo support to prop=duplicatefiles. +* (bug 27610) Add archivename for non-latest image version to list=filearchive +* (bug 38231) Add xml parse tree to action=parse. +* Watchlist notification timestamp may be queried by page and may be updated via the API. +* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing. +* (bug 39032) ApiQuery generates help in constructor. +* (bug 11142) Improve file extension blacklist error reporting in API upload. +* (bug 39665) Cache AllowedGenerator array so it doesn't autoload all query classes + on every request. + +=== Languages updated in 1.20 === + +MediaWiki supports over 350 languages. Many localisations are updated +regularly. Below only new and removed languages are listed, as well as +changes to languages because of Bugzilla reports. + +* Emilian (egl) added. +* Tornedalen Finnish (fit) added. +* Mizo (lus) added. +* Santali (sat) added. +* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln). +* (bug 35541) Namespace gender aliases for Croatian (hr). +* (bug 36012) Space in $separatorTransformTable should be non-breaking in + Portuguese, Esperanto and Udmurt. +* Turoyo (tru) added. +* Cyrillic-Latin language converter added for Uzbek (uz). + +=== Other changes in 1.20 === +* The user_token field is now left empty until a user attempts to login and + cookies need to be set. It is also now possible to reset every user's + user_token simply by clearing the values in the user_token column. +* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and + has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced, + which actually uses ResourceLoader, LocalSettings and the Skin. +* Removed $wgDBtransactions global. This was only checked in one class + and only applies to MyISAM or similar DBs. Those should only be used + for archived sites anyway. We can't get edit conflicts on such sites, + so the WikiPage code wasn't useful there either. +* Deprecated mw.user.name in favour of mw.user.getName. +* Deprecated mw.user.anonymous in favour of mw.user.isAnon. +* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(), + quote_ident(), and escapeLike() were removed. +* Use of __DIR__ instead of dirname( __FILE__ ). +* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was + not used and complicated migration to Message class. +* Live preview functionality has been improved and moved into the + 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' module + has been removed. +* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the + following that has become obsolete: + - globals $wgEnableMWSuggest and $wgMWSuggestTemplate. + - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces. + - method SearchEngine::getMWSuggestTemplate(). + +== Compatibility == + +MediaWiki 1.20 requires PHP 5.3.2. PHP 4 is no longer supported. + +MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but +support for them is somewhat less mature. There is experimental support for IBM +DB2 and Oracle. + +The supported versions are: + +* MySQL 5.0.2 or later +* PostgreSQL 8.3 or later +* SQLite 3.3.7 or later +* Oracle 9.0.1 or later + +== Upgrading == + +1.20 has several database changes since 1.19, and will not work without schema +updates. + +If upgrading from before 1.11, and you are using a wiki as a commons +repository, make sure that it is updated as well. Otherwise, errors may arise +due to database schema changes. + +If upgrading from before 1.7, you may want to run refreshLinks.php to ensure +new database fields are filled with data. + +If you are upgrading from MediaWiki 1.4.x or earlier, some major database +changes are made, and there is a slightly higher chance that things could +break. Don't forget to always back up your database before upgrading! + +See the file UPGRADE for more detailed upgrade instructions. + +For notes on 1.19.x and older releases, see HISTORY. + +== Online documentation == + +Documentation for both end-users and site administrators is available on +MediaWiki.org, and is covered under the GNU Free Documentation License (except +for pages that explicitly state that their contents are in the public domain): + + https://www.mediawiki.org/wiki/Documentation + +== Mailing list == + +A mailing list is available for MediaWiki user support and discussion: + + https://lists.wikimedia.org/mailman/listinfo/mediawiki-l + +A low-traffic announcements-only list is also available: + + https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce + +It's highly recommended that you sign up for one of these lists if you're +going to run a public MediaWiki, so you can be notified of security fixes. + +== IRC help == + +There's usually someone online in #mediawiki on irc.freenode.net. -- cgit v1.2.2