= MediaWiki release notes = Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. == MediaWiki 1.19 == MediaWiki 1.19 is a large release that contains many new features and bug fixes. This is a summary of the major changes of interest to users. You can consult the RELEASE-NOTES-1.19 file for the full list of changes in this version. Our thanks go to everyone who helped to improve MediaWiki by testing the beta release and submitting bug reports. === Changes since 1.19 beta 2 === * Special:Watchlist no longer sets links to feed when the user is anonymous. * (bug 35961) Hash comparison should always be strict. * Fix broken email confirmation expiration caused by MWCryptRand changes. * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php on line 598. * (bug 36042) 'show' causes a fatal in blocks API. === Changes since 1.19 beta 1 === * (bug 35014) Including a special page no longer sets the page's title to the included page * (bug 35019) Edit summaries are no longer transformed in notification e-mails * (bug 35152) Help message for e-mail is shown again in user preferences * (bug 34887) $3 and $4 parameters are now substituted correctly in message "movepage-moved" * (bug 34841) Edit links are no longer displayed when display old page versions * (bug 34889) User name should be normalized on Special:Contributions * (bug 35051) If heading has a trailing space after == then its name is not preloaded into edit summary on section edit * (bug 31417) New ID mw-content-text around the actual page text, without categories, contentSub, ... The same div often also contains the class mw-content-ltr/rtl. * (bug 35303) Proxy and DNS blacklist blocking works again * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in core parser functions which operate on strings, such as padleft. * (bug 18295) Don't expose strip markers when a tag appears inside a link inside a heading. * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token parameter present. * (bug 34907) Fixed exposure of tokens through load.php that could have facilitated CSRF attacks. * (bug 35317) CSRF in Special:Upload. === Configuration changes in 1.19 === * Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead. * (bug 27132) movefile right granted by default to registered users. * Default cookie lifetime ($wgCookieExpiration) is increased to 180 days. * (bug 31204) Removed old user.user_options. * $wgMaxImageArea now applies to jpeg files if they are not scaled with ImageMagick. * Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of items to show by default on query pages (special pages such as Whatlinkshere). * (bug 32470) Increase the length of ug_group. * (bug 32239) Removed $wgEnableTooltipsAndAccesskeys. * Removed $wgVectorShowVariantName. * Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles. * Removed $wgResourceLoaderInlinePrivateModules , now always enabled. === New features in 1.19 === * (bug 19838) Add ability to get all interwiki prefixes also if the interwiki cache is used. * $wgDnsBlacklistUrls now accepts an array with url and key as the elements to work with DNSBLs that require keys, such as Project Honeypot. * (bug 30022) Add support for custom loadScript sources to ResourceLoader. * (bug 19052) Unicode space separator characters (Zs) now terminates external links and images links. * (bug 30160) Add public method to mw.loader to get module names from registry. * (bug 15558) Parameters to special pages included in wikitext can now be passed as with templates. * Installer now issues a warning if mod_security is present. * (bug 29455) Add support for a filter callback function in jQuery byteLimit plugin. * Added two new GetLocalURL hooks to better serve extensions working on a limited type of titles. * Added a --no-updates flag to importDump.php that skips updating the links tables. * Most presentational html attributes like valign are now converted to inline css style rules. These attributes were removed from html5 and so we clean them up when $wgHtml5 is enabled. This can be disabled using $wgCleanupPresentationalAttributes. * Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not NAMESPACE) now depend on the page content language instead of the site language. In theory this sets the right magic words in system messages, although they are not used there. * (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent. * (bug 30450) Clear page_props table on page deletion. * Hook added to check for exempt from account creation throttle. * (bug 30344) Add configuration variable for setting custom priorities when generating sitemaps. * (bug 96170) Add array support for space-separated list attributes (like 'class') in the Html helper class. * (bug 26470) Add checkered background image on hover on files pages. * (bug 30774) mediawiki.html: Add support for numbers and booleans in the attribute values and element contents. * Conversion script between Tifinagh and Latin for the Tachelhit language. * (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}} to stop it from replace an already existing default sort, and suppress error. * (bug 18578) Rewrote revision delete related messages to allow better localisation. * (bug 30364) LanguageConverter now depends on the page content language instead of the wiki content language. * Jump links will now be usable in CSS-capable browsers instead of only in outdated text browsers. * New common*.css files usable by skins instead of having to copy piles of generic styles from MonoBook or Vector's css. * Some deprecated presentational html attributes will now be automatically converted to css. * (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter syntax. * The default user signature now contains a talk link in addition to the user link. * (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason. * Added hook BitmapHandlerCheckImageArea. * (bug 30062) Add $wgDBprefix option to cli installer. * getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now also called when checking for 'read' permission. * Introduce $wgEnableSearchContributorsByIP which controls whether searching for an IP address redirects to the contributions list for that IP. * (bug 8859) Database::update should take array of tables too. * (bug 19698) Add "Inverse namespaces" option to Special:Contributions. * (bug 24037) Add byte length of revision to Special:Contributions. * (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS. * New path mappings can be added using the WebRequestPathInfoRouter hook and adding paths to the PathRouter. * (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for the "target" query parameter (eg. Special:ActiveUsers/Username). * New JavaScript variable wgPageContentLanguage. * Added new debugging toolbar, enabled with $wgDebugToolbar. * Differences in the history page now uses slightly better colors for people perceiving colors differently. * (bug 32879) Upgrade jQuery to 1.7.1. * jQuery UI upgraded to 1.8.17. * Extensions can use the 'Language::getMessagesFileName' hook to define new languages using messages files outside of core. * (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions. * Added $wgSend404Code, true by default, which can be set to false to send a 200 status code instead of 404 for nonexistent articles. * (bug 33447) Link to the broken image tracking category from Special:Wantedfiles. * (bug 27724) Add timestamp to job queue. * (bug 30339) Implement SpecialPage for running javascript tests. Disabled by default, due to tests potentially being harmful, not to be run on a production wiki. Enable by setting $wgEnableJavaScriptTest to true. * Extensions can use the RequestContextCreateSkin hook to override what skin is loaded in some contexts. * (bug 33456) Show $wgQueryCacheLimit on cached query pages. * (bug 10574) Add an option to allow all pages to be exported by Special:Export. * mediawiki.js Message object constructor is now publicly available as mw.Message. * (bug 29309) Allow CSS class per tooltip (tipsy). * (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist. * (bug 17959) Inline rendering/thumbnailing for Gimp XCF images. * (bug 27775) Namespace has it's own XML tag in the XML dump file. * (bug 30513) Redirect tag is now resolved in XML dump file. * sha1 xml tag added to XML dump file. * (bug 33646) Badtitle error page now emits a 400 HTTP status. * Special:MovePage now has a dropdown menu for namespaces. * (bug 34420) Special:Version now shows git HEAD sha1 when available. * (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time. === Bug fixes in 1.19 === * $wgUploadNavigationUrl should be used for file redlinks if. $wgUploadMissingFileUrl is not set. The first was used for this until the second was introduced in 1.17. * BREAKING CHANGE: Style rules for wikitable are now more specific and prevent inheritance to nested tables which caused various issues (bug 30485 and bug 33434). If your wiki has overriden rules for ".wikitable", please revise them and adjust where neccecary. For comparison, use the "table.wikitable" section in skins/common/shared.css as base. * $wgUploadNavigationUrl is now used for file redlinks if $wgUploadMissingFileUrl is not set. The former was used for this until the second was introduced in 1.17. * (bug 27894) Move 'editondblclick' event listener down from body to div#bodyContent. * (bug 30172) The check for posix_isatty() in maintenance scripts did not detect when the function exists but is disabled. Introduced Maintenance::posix_isatty(). * (bug 30264) Changed installer-generated LocalSettings.php to use require_once() instead require() for included extensions. * Do not convert text in the user interface language to another script. * (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages. * (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP warnings/notices to be thrown. * (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly URLs are used. * (bug 28649) Preventing half truncated multi-byte unicode characters when truncating log comments. * Show --batch-size option in help of maintenance scripts that support it. * (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not unescaped. * (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page by importing a new revision into it. * Allow moving the associated talk pages of subpages even if the base page has no subpage. * Per page edit-notices now work in namespaces without subpages enabled. * (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs. * (bug 30202) File names are now restricted on upload to 240 bytes, because of restrictions on some of the database fields. * Timezones are now recognised in user preferences when offset is different due to DST. * (bug 31692) "summary" parameter now also works when undoing revisions. * (bug 18823) "move succeeded" text displayed bluelinks even when redirect was suppressed. * (bug 19186) Special:UserLogin's title on Special:SpecialPages now says "create account" when the user cannot create an account. * (bug 31818) 'usercreated' message now supports GENDER. * (bug 32022) Our phpunit.php script can now be executed from another directory. * (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs. from recent changes feeds. * (bug 30232) add current time to message wlnote on Special:Watchlist. * (bug 29110) $wgFeedDiffCutoff did not affect new pages. * (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl. * (bug 32358) Do not display "No higher resolution available" for dimensionless files (like audio files). * (bug 32168) Add wfAssembleUrl for use in wfExpandUrl. * (bug 32168) fixed - wfExpandUrl expands dot segments now. * (bug 31535) Upload comments now truncated properly, and don't have brackets. * (bug 32086) Special:PermanentLink now show an error message when no subpage was specified. * (bug 30368) Special:Newpages now shows the new page name for moved pages. * (bug 1697) The way to search blocked usernames in block log should be clearer. * (bug 29747) eAccelerator shared memory caching has been removed since it is now disabled by default and is buggy. APC, XCache and WinCache are not affected. * Installer now refuses to install if php was not compiled with Ctype support. * (bug 29475) Remove "trackback" feature entirely from core. * (bug 32665) Special:BlockList prefills the username in the input field if using the Special:BlockList/username URL. * (bug 27721) Make JavaScript variables wgSeparatorTransformTable and wgDigitTransformTable depend on page content language so the sort script sorts correctly more often. * (bug 32230) Expose wgRedirectedFrom in JavaScript. * (bug 31212) History tab not collapsed when the screen is narrow. * (bug 15521) Use new section summary when the action of adding a new section also happens to create the page. * (bug 32960) Remove EmailAuthenticationTimestamp from database when a email address is removed. * (bug 32414) Empty page get a empty bytes attribute in Export/Dump. * (bug 33101) Viewing a User or User talk of username resembling IP ending with .xxx causes Internal error. * Warning about undefined index in certain situations when $wgLogRestrictions causes the first log type requested to be removed but not the others. * Use separate message ('prefixindex-namespace') for title of Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace. * (bug 33156) Special:Block now allows you to confirm you want to block yourself when using non-normalized username. * (bug 33246) News icon shown for news:// URLs but not for news: URLs. * (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting cssText after DOM insertion. * (bug 30711) When adding a new section to a page with section=new, the text is now always added to the current version of the page. * (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding XML entities correctly. * (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens) should be loaded in for proper dependency resolution. * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded for backward compatibility. * (bug 31469) Make sure tracking category messages expand variables like {{NAMESPACE}} relative to correct title. * (bug 33454) ISO-8601 week-based year number (format character 'o') is now calculated correctly with respect to timezone. * (bug 32219) InstantCommons now fetches content from Wikimedia Commons using HTTPS when the local wiki is served over HTTPS. * (bug 33525) clearTagHooks doesn't clear function hooks. * (bug 33523) Function tag hooks don't appear on Special:Version. * Files with IPTC blocks we can't read no longer prevent extraction of exif or other metadata. * (bug 33587) Remove action "historysubmit" from history pages. * (bug 25800) mw.config wgAction should contain the actually performed action instead of whatever the query value contains. * (bug 4438) Add CSS hook for current WikiPage action. * (bug 33703) Common border-bottom color for should inherit default (text) color. * (bug 33819) Display file sizes in appropriate units. * (bug 32948) {{REVISIONID}} and related variables are no longer blank after doing a null edit. * (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who made the edit. * (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +. * (bug 33762) QueryPage-based special pages no longer misses *-summary message. * Other sizes links are no longer generated for wikis without a 404 thumbnail handler. * (bug 29454) Enforce byteLimit for page title input on Special:MovePage. * (bug 34114) CSSMin::remap() doesn't respect its $embed parameter. * Special:Contributions/newbies now shows the contributions for the user "newbies". New user contributions are obtained using the form or using ?contribs=newbie in URL. * It is now possible to delete images that have no corresponding description pages. * (bug 33165) GlobalFunctions.php line 1312: Call to a member function getText() on a non-object. * (bug 31676) Group dynamically inserted CSS into a single