HRWiki Upgrade to MediaWiki 1.15
MediaWiki 1.15.1
2009-07-14
This is a stable release of the the 2009 Q2 branch of MediaWiki.
MediaWiki is now using a "continuous integration" development model with quarterly snapshot releases. The latest development code is always kept "ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year from first release, but nonessential bugfixes and feature developments will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
Changes since 1.15.0
- Fixed fatal errors for unusual file repository configurations, such as ForeignAPIRepo.
- Fixed the "change password" link on [/wiki/Special:Preferences Special:Preferences] to have the correct returnto parameter.
- (bug 19693) Fixed cross-site scripting vulnerability in [/wiki/Special:Block Special:Block]
Changes since 1.15.0rc1
- Removed category redirect feature, implementation was incomplete.
- (bug 18846) Remove update_password_format(), unnecessary, destroys all passwords if a wiki with $wgPasswordSalt=false is upgraded with the web installer.
- (bug 19127) Documentation warning for PostgreSQL users who run update.php: use the same user in AdminSettings.php as in LocalSettings.php.
- Fixed possible web invocation of some maintenance scripts, due to the use of include() instead of require(). A full exploit would require a very strange web server configuration.
- Localisation updates.
Configuration changes in 1.15
- Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to temporary passwords
- Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look
- Added $wgNoFollowDomainExceptions to allow exempting particular domain names from rel="nofollow" on external links
- (bug 12970) Brought back $wgUseImageResize.
- Added $wgRedirectOnLogin to allow specifying a specifc page to redirect users to upon logging in (ex: "Main Page")
- Add $wgExportFromNamespaces for enabling/disabling the "export all from namespace" option (disabled by default)
New features in 1.15
- (bug 2242) Add an expiry time to temporary passwords
- (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level for the current page for a given action
- (bug 17002) Add &minor= and &summary= as parameters in the url when editing, to automatically add a summary or a minor edit.
- (bug 16852) padleft and padright now accept multiletter pad characters
- When using 'UserCreateForm' hook to add new checkboxes into [/wiki/Special:UserLogin/signup Special:UserLogin/signup], the messages can now contain HTML to allow hyperlinking to the site's Terms of Service page, for example
- Add new hook 'UserLoadFromDatabase' that is called while loading a user from the database.
- (bug 17045) Options on the block form are prefilled with the options of the existing block when modifying an existing block.
- (bug 17055) "(show/hide)" links to [/wiki/Special:RevisionDelete Special:RevisionDelete] now use a CSS class rather than hardcoded HTML tags
- Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow extensions to alter the SQL query which is used to get the list of wanted pages
- (bugs 16957, 16969) Add show/hide to preferences for RC patrol options on specialpages
- (bug 11443) Auto-noindex user/user talk pages for blocked user
- (bug 11644) Add $wgMaxRedirects variable to control how many redirects are recursed through until the "destination" page is reached.
- Add $wgInvalidRedirectTargets variable to prevent redirects to certain special pages.
- Use HTML5 rel attributes for some links, where appropriate
- Added optional alternative Search form look - Go button & Advanced search link instead of Go button & Search button
- (bug 2314) Add links to user custom CSS and JS to [/wiki/Special:Preferences Special:Preferences]
- More helpful error message on raw page access if PHP_SELF isn't set
- (bug 13040) Gender switch in user preferences
- (bug 13040) magic word for interface messages
- (bug 3301) Optionally sort user list according to account creation time
- Remote description pages for foreign file repos are now fetched in the content language.
- (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically set to false.
- (bug 16604) Mark non-patrolled edits in feeds with "!"
- (bug 16604) Show title/rev in IRC for patrol log
- (bug 16854) Whether a page is being parsed as a preview or section preview can now be determined and set with ParserOptions.
- Wrap message 'confirmemail_pending' into a div with CSS classes "error" and "mw-confirmemail-pending"
- (bug 8249) The magic words for namespaces and pagenames can now be used as parser functions to return the desired namespace or normalized title/title part for a given title.
- (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the rest of the font
- (bug 7556) Time zone names in signatures lack i18n
- (bug 3311) Automatic category redirects
- (bug 17236) Suppress 'watch user page link' for IP range blocks
- Wrap message 'searchresulttext' ([/wiki/Special:Search Special:Search]) into a div with class "mw-searchresult"
- (bug 15283) Interwiki imports can now fetch included templates
- Treat svn:// URLs as external links by default
- New function to convert namespace text for display (only applies on wiki with LanguageConverter class)
- (bug 17379) Contributions-title is now parsed for magic words.
- Preprocessor output now cached in memcached.
- (bug 14468) Lines in classic RecentChanges and Watchlist have classes "mw-line-odd" and "mw-line-even" to make styling using css possible.
- (bug 17311) Add a note beside the gender selection menu to tell users that this information will be public
- Localize time zone regions in [/wiki/Special:Preferences Special:Preferences]
- Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses the active users data from site_stats.
- Add a <link rel="canonical"> tag on redirected page views
- Replace hardcoded '...' as indication of a truncation with the 'ellipsis' message
- Wrap warning message 'editinginterface' into a div with class 'mw-editinginterface'
- (bug 17497) Oasis opendocument added to mime.types
- Remove the link to [/wiki/Special:FileDuplicateSearch Special:FileDuplicateSearch] from the "file history" section of image description pages as the list of duplicated files is shown in the next section anyway.
- Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from rate limits.
- (bug 14981) Shared repositories can now have display names, located at Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in $wgForeignFileRepos
- [/wiki/Special:ListUsers Special:ListUsers]: Sort list of usergroups by alphabet
- (bug 16762) [/wiki/Special:MovePage Special:Movepage] now shows a list of subpages when possible
- (bug 17585) Hide legend on [/wiki/Special:SpecialPages Special:Specialpages] from non-privileged users
- Added $wgUseTagFilter to control enabling of filter-by-change-tag
- (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the username
- Wrap special page summary message '$specialPageName-summary' into a div with class 'mw-specialpage-summary'
- $wgSummarySpamRegex added to handle edit summary spam. This is used *instead* of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
- New function to convert content text to specified language (only applies on wiki with LanguageConverter class)
- (bug 17844) Redirect users to a specific page when they log in, see $wgRedirectOnLogin
- Added a link to [/wiki/Special:UserRights Special:UserRights] on [/wiki/Special:Contributions Special:Contributions] for privileged users
- (bug 10336) Added new magic word imported>HRWikiMirrorBot, which displays the editor of the displayed revision's author user name
- LinkerMakeExternalLink now has an $attribs parameter for link attributes and a $linkType parameter for the type of external link being made
- (bug 17785) Dynamic dates surrounded with a tag, fixing sortable tables with dynamic dates.
- (bug 4582) Provide preference-based autoformatting of unlinked dates with the dateformat parser function.
- (bug 17886) [/wiki/Special:Export Special:Export] now allows you to export a whole namespace (limited to 5000 pages)
- (bug 17714) Limited TIFF upload support now built in if 'tif' extension is enabled. Image width and height are now recognized, and when using ImageMagick, optional flattening to PNG or JPEG for inline display can be enabled by setting $wgTiffThumbnailType
- Renamed two input IDs on [/wiki/Special:Log Special:Log] from 'page' and 'user' to 'mw-log-page' and 'mw-log-user', respectively
- Added $wgInvalidUsernameCharacters to disallow certain characters in usernames during registration (such as "@")
- Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter used in [/wiki/Special:UserRights Special:UserRights] to denote the user should be searched for on a different database
- Add a class if 'missingsummary' is triggered to allow styling of the summary line
Bug fixes in 1.15
- (bug 16968) [/wiki/Special:Upload Special:Upload] no longer throws useless warnings.
- (bug 17000) [/wiki/Special:RevisionDelete Special:RevisionDelete] now checks if the database is locked before trying to delete the edit.
- (bug 16852) padleft and padright now handle multibyte characters correctly
- (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if the destination page exists
- (bug 17035) [/wiki/Special:Upload Special:Upload] now fails gracefully if PHP's file_uploads has been disabled
- Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with LanguageConverter class)
- Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with LanguageConverter class)
- (bug 17054) Added more descriptive errors in [/wiki/Special:RevisionDelete Special:RevisionDelete]
- (bug 11527) Diff on page with one revision shows "Next" link to same diff
- (bug 8065) Fix summary forcing for new pages
- (bug 10569) redirects to [/wiki/Special:MyPage Special:Mypage] and [/wiki/Special:MyTalk Special:Mytalk] are no longer allowed by default. Change $wgInvalidRedirectTargets to re-enable.
- (bug 3043) Feed links of given page are now preceded by standard feed icon
- (bug 17150) escapeLike now escapes literal \ properly
- Inconsistent use of sysop, admin, administrator in system messages changed to 'administrator'
- (bug 14423) Check block flag validity for block logging
- DB transaction and slave-lag avoidance tweaks for Email Notifications
- (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
- (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at "user contributions"
- Rollback links on new pages removed from "user contributions"
- (bug 15811) Re-upload form tweaks: license fields removed, destination locked, comment label uses better message
- Whole HTML validation ($wgValidateAllHtml) now works with external tidy
- Parser tests no longer fail when $wgExternalLinkTarget is set in LocalSettings
- (bug 15391) catch DBQueryErrors on external storage insertion. This avoids error messages on save were the edit in fact is saved.
- (bug 17184) Remove duplicate "z" accesskey in MonoBook
- Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php
- Removed redundant dupe warnings on reupload for the same title. Dupe warnings for identical files at different titles are still given.
- Add 'change tagging' facility, where changes can be tagged internally with certain designations, which are displayed on various summaries of changes, and the entries can be styled with CSS.
- (bug 17207) Fix regression breaking category page display on PHP 5.1
- Categoryfinder utility class no longer fails on invalid input or gives wrong results for category names that include pseudo-namespaces
- (bug 17252) Galician numbering format
- (bug 17146) Fix for UTF-8 and short word search for some possible MySQL configs
- (bug 7480) Internationalize database error message
- (bug 16555) Number of links to mediawiki.org scaled back on post-installation
- (bug 14938) Removing a section no longer leaves excess whitespace
- (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file history
- (bug 17283) Remove double URL escaping in show/hide links for log entries and RevisionDeleteForm::__construct
- (bug 17105) Numeric table sorting broken
- (bug 17231) Transcluding special pages on wikis using language conversion no longer affects the page title
- (bug 6702) Default system messages updated/improved
- (bug 17190) User ID on preference page no longer has delimeters
- (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
- (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
- (bug 7509) Separation strings should be configurable
- (bug 17420) Send the correct content type from action=raw when the HTML file cache is enabled.
- (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
- (bug 17478) Fixed a PHP Strict standards error in maintenance/cleanupWatchlist.php
- (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin
- (bug 17472) use print <<<EOF in maintenance/importTextFile.php
- [/wiki/Special:PrefixIndex Special:PrefixIndex]: Move table styling to shared.css, add CSS IDs to tables use correct message 'allpagesprefix' for input form label, replace _ with ' ' in next page link
- (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails
- Fixed excessive job queue utilisation
- File dupe messages for remote repos are now shown only once.
- (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now used as a parameter in 'sharedupload' for easier styling and customization.
- (bug 17482) Formatting error in [/wiki/Special:Preferences#Misc Special:Preferences#Misc] (Opera)
- (bug 17556) <link> parameters in [/wiki/Special:Contributions Special:Contributions] feeds (RSS and Atom) now point to the actual contributors' feed.
- ForeignApiRepos now fetch MIME types, rather than trying to figure it locally
- [/wiki/Special:Import Special:Import]: Do not show input field for import depth if $wgExportMaxLinkDepth == 0
- (bug 17570) $wgMaxRedirects is now correctly respected when following redirects (was previously one more than $wgMaxRedirects)
- (bug 16335) magic word to suppress new section link.
- (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot, changed to rc_timestamp_bot
- (bug 17437) Fixed incorrect link to web-based installer
- (bug 17538) Use shorter URLs in <link> elements
- (bug 13778) Hidden input added to the search form so that using the Enter key on IE will do a fulltext search like clicking the button does
- (bug 1061) CSS-added icons next to links display through the text and makes it unreadable in RTL
- [/wiki/Special:WantedTemplates Special:Wantedtemplates] now works on PostgreSQL
- (bug 14414) maintenance/updateSpecialPages.php no longer throws error with PostgreSQL
- (bug 17546) Correct Tongan language native name is "lea faka-Tonga"
- (bug 17621) [/wiki/Special:WantedFiles Special:WantedFiles] has no link to [/wiki/Special:WhatLinksHere Special:Whatlinkshere]
- (bug 17460) Client ecoding is now correctly set for PostgreSQL
- (bug 17648) Prevent floats from intruding into edit area in previews if no toolbar present
- (bug 17692) Added (list of members) link to 'user' in [/wiki/Special:ListGroupRights Special:Listgrouprights]
- (bug 17707) Show file destination as plain text if &wpForReUpload=1
- (bug 10172) Moved setting of "changed since last visit" flags out of the job queue
- (bug 17761) "show/hide" link in page history in now works for the first displayed revision if it's not the current one
- (bug 17722) Fix regression where users are unable to change temporary passwords
- (bug 17799) [/wiki/Special:Random Special:Random] no longer throws a database error when a non- namespace is given, silently falls back to NS_MAIN
- (bug 17751) The message for bad titles in WantedPages is now localized
- (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect no longer corrupts the message cache
- (bug 17900) Fixed User Groups interface log display after saving groups.
- (bug 17897) Fixed string offset error in
tags
* (bug 17778) MediaWiki:Catseparator can now have HTML entities * (bug 17676) Error on [/wiki/Special:ListFiles Special:ListFiles] when using Postgres * [/wiki/Special:Export Special:Export] doesn't use raw SQL queries anymore * (bug 14771) Thumbnail links to individual DjVu pages have two no longer have two "page" parameters * (bug 17972) [/wiki/Special:FileDuplicateSearch Special:FileDuplicateSearch] form now works correctly on wikis that don't use PathInfo or short urls * (bug 17990) trackback.php now has a trackback.php5 alias and works with $wgScriptExtension * (bug 14990) Parser tests works again with PostgreSQL * (bug 11487) [/wiki/Special:ProtectedPages Special:Protectedpages] doesn't list protections with pr_expiry IS NULL * (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect * (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses * (bug 11213) [edit] section links in printable version no longer appear when you cut-and-paste article text * (bug 17405) "Did you mean" to mirror Go/Search behavior of original request * (bug 18116) 'edittools' is now output identically on edit and upload pages * (bug 17241) The diffonly URI parameter should cascade to "Next edit" and "Previous edit" diff links * (bug 16823) 'Sidebar search form should not use [/wiki/Special:Search Special:Search] view URL as target' * (bug 16343) Non-existing, but in use, category pages can be "go" match hits * Fixed the circular template inclusion check, was broken when the loop involved redirects. Without this, infinite recursion within the parser is possible. * (bug 17611) Provide a sensible error message on install when the SQLite data directory is wrong. * (bug 16937) Fixed PostgreSQL installation on Windows, workaround for upstream pg_version() bug. * (bug 11451) Fix upgrade from MediaWiki 1.2 or earlier (imagelinks schema). * Fixed SQLite indexes, installation and upgrade. Reintroduced it as an option to the installer. * (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3 * (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
API changes in 1.15
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions and listing all deleted pages possible * (bug 16844) Added clcategories parameter to prop=categories * (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop= * (bug 17048) Show the 'new' flag in list=usercontribs for the revision that created the page, even if it's not the top revision * (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs * action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right * (bug 15949) Add undo functionality to action=edit * (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses. Building query properly now using makeList() * (bug 17182) Fix pretty printer so URLs with parentheses in them are autolinked correctly * (bug 17224) Added siprop=rightsinfo to meta=siteinfo * (bug 17239) Added prop=displaytitle to action=parse * (bug 17317) Added watch parameter to action=protect * (bug 17007) Added export and exportnowrap parameters to action=query * (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata * (bug 17355) Added auwitheditsonly parameter to list=allusers * (bug 17007) Added action=import * BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because of performance concerns * Listing (semi-)deleted revisions and log entries as well in prop=revisions and list=logevents * (bug 11430) BREAKING CHANGE: Modules may return fewer results than the limit and still set a query-continue in some cases * (bug 17357) Added movesubpages parameter to action=move * (bug 17433) Added bot flag to list=watchlist&wlprop=flags output * (bug 16740) Added list=protectedtitles * Added mainmodule and pagesetmodule parameters to action=paraminfo * (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace aliases already listed in siprop=namespaces * (bug 17529) rvend ignored when rvstartid is specified * (bug 17626) Added uiprop=email to list=userinfo * (bug 13209) Added rvdiffto parameter to prop=revisions * Manual language conversion improve: Now we can include both ";" and ":" in conversion rules * (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters is set * (bug 17774) Don't hide read-restricted modules like action=query from users without read rights, but throw an error when they try to use them. * Don't hide write modules when $wgEnableWriteAPI is false, but throw an error when someone tries to use them * BREAKING CHANGE: action=purge requires write rights and, for anonymous users, a POST request * (bug 18099) Using appendtext to edit a non-existent page causes an interface message to be included in the page text * (bug 18601) generator=backlinks returns invalid continue parameter * (bug 18597) Internal error with empty generator= parameter * (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output
Languages updated in 1.15
MediaWiki supports over 300 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of MediaZilla reports. * Austrian German (de-at) (new) * Swiss Standard German (de-ch) (new) * Simplified Gan Chinese (gan-hans) (new) * Traditional Gan Chinese (gan-hant) (new) * Literary Chinese (lzh) (new) * Uyghur (Latin script) (ug-latn) (renamed from 'ug') * Veps (vep) (new) * Võro (vro) (renamed from fiu-vro) * (bug 17151) Add magic word alias for #redirect for Vietnamese * (bug 17288) Messages improved for default language (English) * (bug 12937) Update native name for Afar * (bug 16909) 'histlegend' now reuses messages instead of copying them * (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' when the user is blocked * Traditional/Simplified Gan Chinese conversion support
MediaWiki 1.14.0
February 22, 2009 This is the first stable release of the 2009 Q1 branch of MediaWiki. MediaWiki is now using a "continuous integration" development model with quarterly snapshot releases. The latest development code is always kept "ready to run", and in fact runs our own sites on Wikipedia. Release branches will continue to receive security updates for about a year from first release, but nonessential bugfixes and feature developments will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN NOTE: Installation of MediaWiki on SQLite has been temporarily disabled in this release due to the discovery of serious problems with the schema. We expect to fix this problem for the release of 1.15.0.
Changes since 1.14.0rc1
* Fixed the performance of the backlinks API module * (bug 17420) Send the correct content type from action=raw when the HTML file cache is enabled. * (bug 17437) Fixed incorrect link to web-based installer * (bug 17527) Fixed missing MySQL-specific options in installer
Configuration changes in 1.14
* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from the effect of the new / magic words. (Default: null, ex- empt all content namespaces.) * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 has been $wgSearchForwardUrl. * (bug 15080) $wgOverrideSiteFeed has been added. Setting either $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent Changes feed that appears on all pages. * $wgSQLiteDataDirMode has been introduced as the default directory mode for SQLite data directories on creation. Note that this setting is separate from $wgDirectoryMode, which applies to all normal dirs created by MediaWiki. * $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified group in order to add or remove those groups from themselves. Backwards compatibility is maintained. * $wgRestrictDisplayTitle controls if the use of the Template:DISPLAYTITLE magic word is restricted to titles equivalent to the actual page title. This is true per default, but can be set to false to allow any title. * $wgSpamRegex may now be an array of multiple regular expressions. * $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead. * Editing the MediaWiki namespace is now unconditionally restricted to people with the editinterface right, configuring this in $wgNamespaceProtection is not required. * $wgAllowExternalImagesFrom may now be an array of multiple strings. * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image whitelist on or off. * Added $wgRenderHashAppend to append some string to the parser cache and the sitenotice cache keys. * $wgRCChangedSizeThreshold is now a positive integer by default, * (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform write actions using the API. * Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix ($wgLocalInterwiki) onto the page names in the UDP feed. * Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins on the wiki. If it's set to true, then the skin used will *always* be $wgDefaultSkin. * Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based on the user's real name if one is set. Defaults to false (use the username) * Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in ForeignAPIRepo) * (bug 44) Image namespace and accompanying talk namespace renamed to File. For backward compatibility purposes, Image still works. External tools may need to be updated. * The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and NS_IMAGE_TALK. The old constants are retained as aliases for compatibility, and should still be used in code meant to be compatible with v1.13 or older. * MediaWiki can be forced to use private IPs forwarded by a proxy server by using $wgUsePrivateIPs. * The 'BeforeWatchlist' hook has been removed due to internal changes in [/wiki/Special:Watchlist Special:Watchlist]. 'SpecialWatchlistQuery' should now be used by extensions to customize the watchlist database query.
Migrated extensions
The following extensions are migrated into MediaWiki 1.14: * [/wiki/Special:DeletedContributions Special:DeletedContributions] to show deleted user contributions (was extension DeletedContributions) * [/wiki/Special:Log/newusers Special:Log/newusers] recording new users (was extension Newuserlog) * [/wiki/Special:LinkSearch Special:LinkSearch] to search for external links (was extension LinkSearch) * RenderHash * NoMoveUserPages * UniversalEditButton
New features in 1.14
* New URL syntaxes for [/wiki/Special:ListUsers Special:ListUsers] - '[/wiki/Special:ListUsers/USER Special:ListUsers/USER]' and '[/wiki/Special:ListUsers/GROUP/USER Special:ListUsers/GROUP/USER]', in addition to the older syntax '[/wiki/Special:ListUsers/GROUP Special:ListUsers/GROUP]' where GROUP is a valid group name. * Configurable per-namespace and per-page notices for the edit form, respectively MediaWiki:Editnotice-# where # is the namespace number, and MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and PAGENAME is the page name minus the namespace prefix. * (bug 8068) New and magic words allow user control of search engine indexing on a per-article basis. * Handheld stylesheet options * Added 'DoEditSectionLink' hook as a cleaner unified version of the old 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is run in all cases instead, so extensions using the old hooks should still work if they ran roughly the same code for both hooks (as is almost certain). * Signature (~~~~) "cleaning", i.e. template removal, can be disabled with $wgCleanSignatures=false * Extensions can use the SkinBuildSidebar hook to modify the content of the sidebar and add custom portlets to it * Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari- ables into into the output of Skin::makeVariablesScript * (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on [/wiki/Special:ListGroupRights Special:ListGroupRights] * (bug 14377) Add a date selector to history pages * (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of the main page to be customized * Added $wgDisableTitleConversion to disabling the conversion for all pages on the wiki * Added 'noconvertlink' toggle that can be set per user preferences, also added 'convertlink=no|yes' on GET requests whether have the link titles being converted or not * (bug 14921) [/wiki/Special:Contributions/ Special:Contributions/]: add user name to <title> Patch by Emufarmers * Unescape more "safe" characters when producing URLs, for added prettiness * Introduced a new hook 'SkinAfterContent' that allows extensions to add text after the page content and article metadata. Updated all skins and skin templates to work with that hook. * (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and 'ignore-groups'. Patch by Louperivois * (bug 15127) Work around minor display glitch in Opera. * By default, reject file uploads that look like ZIP files, to avoid the so-called GIFAR vulnerability. * (bug 15141) Give ability to only list protected pages with the cascading option enabled on [/wiki/Special:ProtectedPages Special:ProtectedPages] * (bug 15157) [/wiki/Special:Watchlist Special:Watchlist] has the same options as [/wiki/Special:Watchlist Special:Watchlist]: Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection * Added hook 'UserrightsChangeableGroups' to allow modification of what groups may be added or removed via the [/wiki/Special:UserRights Special:UserRights] interface. * HTML entities like now work (are not escaped) in edit summaries. * (bug 13815) In the comment for page moves, use the colon-separator message instead of a hardcoded colon. * Allow <gallery> to accept image names without an Image: prefix * Add tooltips to rollback and undo links * BMP images are now displayed as PNG * (bug 13471) Added NUMBERINGROUP magic word * (bug 11884) Now support Flash EXIF attribute * Show thumbnails in the file history list, patch by User:Agbad * Added support of piped wikilinks using double-width brackets * Added an on-wiki external image whitelist. Items in this whitelist are treated as regular expression fragments to match for when possibly displaying an external image inline. * (bugs 15405, 15436) Sort more currency types correctly in sortable tables * (bug 15422) Sort more different types of numbers in sortable tables * (bug 2889) MediaWiki:Print.css applies to the printable version * Category counts (e.g. from 0) should be more accurate for small categories * After logging in, automatically redirect to wherever you logged in from * (bug 5619) Break messages used in [/wiki/Special:Statistics Special:Statistics] down further * (bug 11029) Add link to Special:Listusers?group=sysop etc. at [/wiki/Special:Statistics Special:Statistics] * (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a plaintext copyright notice. Patch by Juliano F. Ravasi. * (bug 15551) Deletion log excerpt is now shown whenever a user vists a deleted page, even if they are unable to edit it. * Added Wantedfiles special pages, allowing users to find image links with no image. * (bug 12650) It is now possible to set different expiration times for different restriction types on the protection form. * (bug 8440) Allow preventing blocked users from editing their talk pages * Improved upload file type detection for OpenDocument formats * Added the ability to set the target attribute on external links with $wgExternalLinkTarget * api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the maxlag check fails, just like index.php does * Added "link" parameter to image links, to allow images to link to an arbitrary title or URL. This should replace inaccessible and incomplete solutions such as CSS-based overlays and ImageMap. * (bug 368) Don't use caption for alt attribute; allow manual specification using new "alt=" parameter for images * (bug 44) The core parser function now also accepts localized namespace names and aliases; also, its output now uses spaces instead of underscores to match the behavior of the magic word * Added the ability to display user edit counts in [/wiki/Special:ListUsers Special:ListUsers]. Off by default, enabled with $wgEdititis = true (named after the medical condition marked by unhealthy obsession with edit counts). * Added a file cache to the parser to improve page rendering time on pages with several uses of the same image. * (bug 1250) Users can still use "show preview" and "show changes" even if the wiki is set to read-only mode. * Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor. This should make it so that ALL user-accessible methods of removing a page from a watchlist lead to this hook being called (it was previously only called from within Article.php * Maximum execution time for shell processes on linux is now configured with $wgMaxShellTime (180 seconds by default) * (bug 1306) 'Email user' link no longer shown on user page when emailing is not available due to lack of confirmed address or disabled preference * [/wiki/Special:WantedTemplates Special:Wantedtemplates] special page added to display missing templates linked from articles * Make search matches bold only, not red as well * (bug 10080) Blocks can be modified without unblocking first * (bug 15820) [/wiki/Special:Block Special:BlockIP] shows a notice if the user being blocked is already directly blocked * (bug 13710) Allow to force "watch this" checkbox via URL using parameter "watchthis" * (bug 15125) Add Public Domain to default options when installing. Patch by Nathan Larson. * Set a special temporary directory for ImageMagick with $wgImageMagickTempDir * (bug 16113) Show/hide for redirects in [/wiki/Special:NewPages Special:NewPages] * (bug 15903) Upload link was added to Nostalgia skin * (bug 15761) Add user toggle to omit diff after rollback * Added the BitmapHandler_ClientOnly media handler, which allows server-side image scaling to be completely disabled for specific media types, via the $wgMediaHandlers configuration variable. * New 'AbortDiffCache' hook can be used to cancel the caching of a diff * (bug 15835) Added Content-Style-Type meta tag * (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the namespace. * Add id="mw-user-domain-section" to tag in Userlogin.php template so that admins with a single domain can hide the domain section using CSS * Dropped old Paser_OldPP class. Only new parser with preprocessor is used. * Moved password reset form from [/wiki/Special:Preferences Special:Preferences] to [/wiki/Special:ChangePassword Special:ResetPass] * Added [/wiki/Special:ChangePassword Special:ChangePassword] as a special page alias for [/wiki/Special:ChangePassword Special:ResetPass] * Added complimentary function for addHandler() called removeHandler() for removing events * Improved security of file uploads for IE clients, using a reverse-engineered algorithm very similar to IE's content detection algorithm. * Cascading protection no longer requires that both edit and move are restricted to sysop, just edit=sysop is enough * (bug 2391) A warning is now shown for invalid ISBN numbers on [/wiki/Special:BookSources Special:Booksources]. * Installer has been updated to reflect the release of the GFDL 1.3. The URL for 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we can now support 1.2 as well as 1.3 (gfdl1_3). * (bug 16293) PD URL was changed to the CreativeCommons site on PD (which auto-detects your language) instead of Wikipedia. * (bug 16635) The "view and edit watchlist" page ([/wiki/Special:Watchlist/edit Special:Watchlist/edit]) now includes a table of contents * File objects returned by wfFindFile() are now cached by default * (bug 7492) Rights can now be assigned to specific IP addresses and ranges by using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE) * Add a 'change block' link to [/wiki/Special:BlockList Special:IPBlockList] and [/wiki/Special:Log Special:Log] * (bug 16459) Use native getElementsByClassName where possible, for better performance in modern browsers * Enable \cancel and \cancelto in texvc (recompile required) * Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions to implement their own password hashing methods. * (bug 16760) Add CSS-class to action links of [/wiki/Special:Log Special:Log] * (bug 505) Time zones can now be specified by location in user preferences, avoiding the need to manually update for DST. Patch by Brad Jorsch. * (bug 2585) HTTP 404 return code is now given for a page view if the page does not exist, allowing spiders and link checkers to detect broken links. * [/wiki/Special:Log Special:Log]: Add 'change protection' link for unprotected pages too * [/wiki/Special:Log Special:Log]: Add log type specific CSS classes 'mw-logline-$logtype' to 'li' elements * (bug 16754) Making arbitrary rows of sortable tables sticky: |- class="unsortable" * Show subversion too even if a "normal" version number is available * (bug 16121) Add a note that a page move was without creating a redirect in the move log * Image moving is now enabled for sysops by default * Make "Did you mean" search feature more noticeable * (bug 16720) Transcluded [/wiki/Special:NewPages Special:NewPages] processes "/username="
Bug fixes in 1.14
* (bug 14907) DatabasePostgres::fieldType now defined. * (bug 14659) Passing the default limit param to [/wiki/Special:RecentChanges Special:Recentchanges] no more falls back to the user option * (bug 14954) Fix regression in Modern and Simple skins * Recursion loop check added to Categoryfinder class * Fixed few performance troubles of large job queue processing * Not setting various parameters in Foreign Repos now fails more gracefully * (bug 2333) Redirects are properly rendered when previewing an edit. * (bug 14972) Use localized alias of [/wiki/Special:Search Special:Search] on all search forms * (bug 11035) [/wiki/Special:Search Special:Search] should have descriptive <title> * Special pages are now not subject to special handling for "self-links" * (bug 15053) Syntactically incorrect redirects with another link in them no longer redirect to the second link * (bug 15049) Fix for CheckUser extension's log search: usernames containing a "-" were incorrectly turned into bogus IP range searches. Patch by Max Semenik. * (bug 15055) Talk page notifications no longer attempt to send mail when user's e-mail address is invalid or unconfirmed * (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in 5 minutes. * (bug 15016) 'Templates used on this page' list in view source should be wrapped in a div with class "templatesUsed" * (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the diff entirely, not just the display of it. * (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which allows having the unprefixed page title as the default category sortkey * (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added ns-special to special pages. * (bug 15052) Skins should add their name as a class in <body> * (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar() for several languages was removed. The settings have been put in extension WikimediaMessages. Patch for Czech by Danny B. * (bug 15101) Displaying only bots edits in [/wiki/Special:RecentChanges Special:Recentchanges] now works again * (bug 13770) Fixed incorrect detection of PHP's DOM module * (bug 14790) Export of category pages when using Category: prefix now actually gives results * Avoid recursive crazy expansions in section edit comments for pages which contain '/*' in the title * Fix excessive memory usage when parsing pages with lots of links * $wgSpamRegex now matches the edit summary and page move descriptions in addition to body text. * Navigation links to images available from a shared repository (like Commons) from their local talk pages no longer appear as redlinks * Action=purge on ForeignApiFiles now works (purges their thumbnails and description pages). * (bug 15303) Title conversion for templates wasn't working in some cases. * (bug 15264) Underscores in [/wiki/Special:Search/Foo_bar Special:Search/Foo_bar] parameters were taken literally; now converting them to spaces per expectation. * (bug 15342) "Invert" checkbox now works correctly when selecting main namespace in [/wiki/Special:Watchlist Special:Watchlist] * (bug 15172) 'Go' button of [/wiki/Special:RecentChanges Special:Recentchanges] now on the same line as the last input element (like [/wiki/Special:Watchlist Special:Watchlist] too) * (bug 15351) Fix fatal error for invalid section fragments in autocomments * Fixed intermittent deadlock errors involving objectcache table queries. Use a separate database connection for the objectcache table to avoid long-lasting locks on that table. * Respect file restrictions in the file history list * (bug 15399) Odd/even classes on sortable tables' rows could be slow for large tables, and have been disabled by default. * (bug 15482) [/wiki/Special:RecentChangesLinked Special:Recentchangeslinked] has no longer two submit buttons * (bug 15292) New message notification for unregistred users now works again * (bug 14398) mwsuggest.js: Let width of container be configurable * (bug 15543) Only include user touched timestamp to generated CSS * (bug 15497) Removed encoding attribute from <?xml ?> tag * (bug 12284) [/wiki/Special:Preferences Special:Preferences] now sets a returnto parameter on the link to [/wiki/Special:UserLogin Special:UserLogin]. Patch by Marooned. * Fixed the HTTP accept language string detection length in LanguageConverter.php, instead of the fixed length language codes. * [/wiki/Special:RecentChangesLinked Special:RecentChangesLinked] no longer shows outgoing links for nonexistent pages even if there are broken link records with source article id 0 in the database * (bug 15598) [/wiki/Special:NewPages Special:Newpages] default limit uses user preference for recentchanges limit instead of hardcoded 50. * (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses, instead of hardcoding rss and atom. Patch by Juliano F. Ravasi. * (bug 14638) [/wiki/Special:Block Special:Blockip] now provides a link to the block log if the user has been blocked more than 10 times. Patch by Matt Johnston. * (bug 12678) Skins don't show Upload link if the user isn't allowed to upload. * Fixed incorrect usage of DB_LAST in [/wiki/Special:Export Special:Export]. Deprecated DB_LAST. * (bug 15642) Blocked sysops can no longer block other users * Http::request() now respects $wgHTTPtimeout when not using cURL * (bug 15158) Userinvalidcssjstitle not shown on preview * (bug 15196) Free external links should be numbered in a localised manner * (bug 15388) Title of [/wiki/Special:PrefixIndex Special:PrefixIndex] * Links with no title but a curid parameter now use the curid to pick a page * (bug 10323) [/wiki/Special:Undelete Special:Undelete] should have "inverse selection" button * (bug 15831) Modern skin RTL support is bugous * (bug 15869) Nostalgia skin does not show page title in printable mode * (bug 15795) [/wiki/Special:UserRights Special:Userrights] is now listed on [/wiki/Special:SpecialPages Special:SpecialPages] when the user can only change his rights * (bug 15846) Categories "leak" from older revisions in certain circumstances * (bug 15928) Special pages dropdown should be inline in non-MonoBook skins * (bug 14178) Some uses of UserLoadFromSession hook cause segfault * (bug 15925) Postitive bytes added on recentchanges and watchlists are now bolded if above the threshold, previously it only worked for negatives * Specify apple-touch-icon before favicon in HTML head section to make the Konqueror browser correctly use the latter * (bug 15717) Set $separatorTransformTable for language 'eu' * (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date preferences. * (bug 13701) Template:NUMBEROFVIEWS magic word to show number of total views. * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia search box * (bug 14609) User's namespaces to be searched default not updated after adding new namespace * Purge form uses valid XHTML * (bug 12764) [/wiki/Special:LonelyPages Special:LonelyPages] shows transcluded pages * (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback if JavaScript is disabled * (bug 4253) Recentchanges IRC messages no longer include title in diff URLs * Allow '0' to be an accesskey. * (bug 8063) Use language-dependent sorting in client-side sortable tables * (bug 16160) Suggestions box should be resized from left for RTL wikis * (bug 11533) Fixed insane slowdown when in read-only mode for long periods of time with CACHE_NONE (default objectcache table configuration). * Trying to set two different default category sort keys for one page now produces a warning * (bug 16143) Fix redirect loop on special pages starting with lower case letters * (bug 15737) Fix notices while expanding using PPCustomFrame * (bug 15544) Non-index entry points cause the "Wiki not set up" message to have corrupt URLs * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia search box * (bug 4362) MediaWiki:History copyright no more used with most recent revision when passing oldid parameter in the url * (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same filename as the remote site. * (bug 8345) Don't autosummarize where a redirect was left unchanged * Made thumb caching in ForeignApiFile objects integrated with normal thumb path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result. * (bug 5530) Consistency between character encoding in HRWiki_Upgrade_to_MediaWiki_1.15, HRWiki_Upgrade_to_MediaWiki_1.15 and HRWiki_Upgrade_to_MediaWiki_1.15 * Safer handling of non-MediaWiki exceptions -- now obeys our settings for formatting and path exposure. * Less verbose errors from profileinfo.php when not configured * Blacklist redirects via [/wiki/Special:FilePath Special:Filepath], hard to use. * Improved input validation on [/wiki/Special:Import Special:Import] form * Add a .htaccess to deleted images directory for additional protection against exposure of deleted files with known SHA-1 hashes on default installations. * Improved scripting safety heuristics for IE 5/6 content-type detection. * Improved scripting safety heuristics on SVG uploads. * (bug 11728) Unify layout of enhanced watchlist/recent changes * (bug 8702) Properly update stats when running nukePage maintenance script * (bug 7726) Searches for words less than 4 characters now work without requiring customization of MySQL server settings * Honour unchecked "Leave a redirect behind" for moved subpages * (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered when page is re-parsed. * (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are now automatically removed from titles; these characters can accidentally end up in copy-and-pasted titles, and, by overriding normal bidirectional text handling, can lead to annoying behavior such as text rendering backwards * Fixed minor bug where the memcached value for how many accounts an IP had created that day would be increased even if $wgAccountCreationThrottle was hit. This meant if an IP hit the throttle and then the throttle was raised later that day, the IP still couldn't create another account, because it had marked them as having created another account, when their last account creation had actually failed. * (bug 12647) Allow autogenerated edit summary messages to be blanked with '-' * (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki markup now. * (bug 16529) Fix for search suggestions with some third-party JS libraries * (bug 13342) importScript() generates more consistent URI encoding * (bug 16577) When a blocked user tries to rollback a page, the block message is now only displayed once * (bug 14268) SVG image sizes now extracted with proper XML parser * (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid title via the API * (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for new pages in the recent changes IRC feed * Ugly tooltips in [/wiki/Special:Statistics Special:Statistics] were phased out in favor of more direct information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage * (bug 5506) Links to files on foreign repositories are now shown consistently as bluelinks e.g. in logs and edit summaries * (bug 16623) Add missing
tag in [/wiki/Special:LockDB Special:LockDB] * (bug 15849) [/wiki/Special:MovePage Special:Movepage] now throws a more specific error when trying to move a title to an interwiki target * (bug 16638) 8-bit URL fallback encoding now set on additional languages using Arabic script (Persian, Urdu, Sindhi, Punjabi) * (bug 16656) cleanupTitles and friends should now work in load-balanced DB environments when $wgDBserver isn't set. * (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG images which do not specify width and height attributes. * (bug 15027) Internet domain names and IP addresses can now be indexed and searched sensibly with the default MySQL search backend. * (bug 11733) Fixed parameter validation in importTextFile.php * (bug 16712) [/wiki/Special:NewFiles Special:NewFiles] updated to use "newer"/"older" paging messages for clarity over "previous/next" * (bug 16612) Fixed "noprint" class for Modern skin print style * Section anchors now have an "id" attribute as well as a "name" attribute, even when Tidy is not used * (bug 16026) revision-info, revision-info-current, cannotdelete, redirectedfrom, historywarning and difference messages now use Wiki text rather than raw HTML markup * (bug 13835) Fix rendering of * (bug 16772) [/wiki/Special:Upload Special:Upload] now correctly rejects files with spaces in the file extension (e.g. Foo. jpg). * Image moving over an existing file no longer throws a database error * (bug 16786) Restored "redundant" links recently removed from Classic sidebar * (bug 16850) $wgActionPaths can have query strings now, previously, this broke local URLs * (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts that STDIN can be used for page list * (bug 16560) [/wiki/Special:Random Special:Random] returns a page from ContentNamespaces, and no longer from NS_MAIN * (bug 16123) Fixed [/wiki/Special:Import Special:Import] on SQLite. * (bug 16937) Show appropriate error message for attempted installs on PostgreSQL 7.3 or earlier. * Disabled SQLite support in the installer. * Fixed XSS vulnerabilities in the web-based installer. * Added a meta robots tag to the installer to prevent indexing of potentially sensitive configuration data. * (bug 16483) Prevented a filesort in ApiQueryBacklinks caused by missing parentheses. Building query properly now using makeList()
API changes in 1.14
* Registration time of users registered before the DB field was created is now shown as empty instead of the current time. * API search now falls back to fulltext search by default when using Lucene or other engine which doesn't support a separate title search function. This means you can use API search on Wikipedia without explicitly adding &srwhat=text to the query. * Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages * (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits' are now listed on action=help * (bug 15044) Added requestid parameter to api.php to facilitate distinguishing between requests * (bug 15048) Added limit field for multivalue parameters to action=paraminfo output. * When the limit on multivalue parameters is exceeded, a warning is issued * list=search doesn't list missing pages any more * (bug 15178) Added clshow to prop=categories to allow filtering for hidden/ non-hidden categories * (bug 15228) Combining revids= and redirects now throws a warning instead of an error, and still resolves redirects generated by the generator. * list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2, etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables) for consistency with other list modules. * Added action=watch * (bug 15275) apprefix and related parameters ignore spaces at the end * action=edit no longer throws unknown error 228 when trying to create an empty section with section=new * Database replication lag doesn't cause all action=edit requests to return the nochange flag any more * (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols. * (bug 15444) action=edit returns "Unknown error: ``AS_END" where it should return just "Unknown error" * (bug 15448) YAML output returns empty values instead of 0 * (bug 15445) Added action=patrol * (bug 15466) Added action=purge * (bug 15486) action=block ignores autoblock parameter * (bug 15492) added rcprop=loginfo to list=recentchanges * (bug 15527) action=rollback can now revert anonymous editors * (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections if the page is also protected otherwise (1.10+ style or cascading) * list=random now has rnredirect parameter, to get random redirects. * Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute hooks which allow for extending core modules in a cleaner way * action=protect checks for invalid protection types and levels * (bug 15673) Added indentation to format=wddxfm output and improved built-in WDDX formatter to resemble PHP's more * (bug 15706) Empty values for apprtype and apprlevel are now silently ignored rather than causing an exception * Added uiprop=preferencestoken to meta=userinfo * (bug 15609) Add inprop=url and inprop=readable to prop=info * Add ApiDisabled and ApiQueryDisabled classes so individual modules can be disabled in LocalSettings.php * (bug 15653) Add prop=duplicatefiles * (bug 15768) Add list=watchlistraw * (bug 15647) action=edit with basetimestamp fails if the page has been deleted and undeleted since the last edit * (bug 15785) Allow for different expiry times for different protections in action=protect * Added allowsduplicates attribute to action=paraminfo output * (bug 15767) apfilterlanglinks returns duplicate results * (bug 15845) Added pageid/fromid parameter to action=delete/move, making manipulation of legacy pages with invalid titles possible * (bug 15881) Empty or invalid parameters cause database errors * The maxage and smaxage parameters are now properly validated * (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol and patrolmarks right * (bug 15985) acfrom and aifrom parameters didn't work when sorting in descending order. * (bug 15995) Add cmstartsortkey and cmendsortkey parameters to list=categorymembers * (bug 16017) list=categorymembers sets invalid continue parameters for sortkeys containing pipes * (bug 16018) Added uccontinue parameter to list=usercontribs so paging works properly when multiple users are queried or a userprefix is used * (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics output * Added redirect resolution to action=parse * (bug 16074) rvprop=content combined with a generator with a high limit causes an error * (bug 16105) Image metadata attributes containing spaces result in invalid XML * (bug 16126) Added siprop=magicwords to meta=siteinfo * (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist * (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends * meta=siteinfo&siprop=interwikimap no longer throws an exception for empty sifilter parameter. * (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate limits * (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases * (bug 16408) Added rvgeneratexml to prop=revisions * (bug 16421) Made list=logevents's leuser accept user names with underscores instead of spaces * (bug 16516) Made rvsection=T-2 work * (bug 16526) Added usprop=emailable to list=users * (bug 16548) list=search threw errors with an invalid error code * (bug 16515) Added pst and onlypst parameters to action=parse * (bug 16541) Added block expiry timestamp to list=logevents output * (bug 16613) action=protect doesn't tell when &cascade was set but cascading protection wasn't allowed * (bug 16626) action=delete now correctly handles empty "reason" param * (bug 15579) clshow considers all categories !hidden * (bug 16647) list=allcategories, prop=categories don't return "hidden" property for hidden categories * New siprop parameter of 'extensions' to list all installed extensions * (bug 16672) Include canonical namespace name in meta=siteinfo&siprop=namespaces. * (bug 16726) siprop=namespacealiases should also list localized aliases * (bug 16730) Added apprfiltercascade parameter to list=allpages to filter cascade-protected pages * (bug 16798) JSON encoding errors for some characters outside the BMP * (bug 16629) prop=info&inprop=protection lists empty legacy protections incorrectly * (bug 15261, 16262) API no longer outputs invalid UTF-8 * Fix broken list=alllinks paging and make alunique actually work
Languages updated in 1.14
MediaWiki supports over 300 languages. Many localisations are updated regularly. Below only new and removed languages are listed. * Bakhtiari (bqi) (new) * Fiji Hindi (Devanagari script) (hif-deva) (new) * Krio (kri) (new) * Lezghian (lez) (new) * Laz (lzz) (new) * Eastern Mari (mhr) (new) * Niuean (niu) (new) * Oromo (om) (new) * Plautdietsch (pdt) (new) * Western Punjabi (pnb) (new) * Tarantino (roa-tara) (new) * Serbo-Croatian (sh) (new) * Tulu (tcy) (new)
MediaWiki 1.13.5
February 22, 2009 This is a maintenance update to the Summer 2008 snapshot release of MediaWiki. MediaWiki is now using a "continuous integration" development model with quarterly snapshot releases. The latest development code is always kept "ready to run", and in fact runs our own sites on Wikipedia. Release branches will continue to receive security updates for about a year from first release, but nonessential bugfixes and feature developments will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
Changes since 1.13.4
* (bug 17449) Fixed PostgreSQL installation * (bug 17527) Fixed missing MySQL-specific options in installer
Changes since 1.13.3
A number of cross-site scripting (XSS) security vulnerabilities were discovered in the web-based installer (config/index.php). These vulnerabilities all require a live installer -- once the installer has been used to install a wiki, it is deactivated. Note that cross-site scripting vulnerabilities can be used to attack any website in the same cookie domain. So if you have an uninstalled copy of MediaWiki on the same site as an active web service, MediaWiki could be used to attack the active service. If you are hosting an old copy of MediaWiki that you have never installed, you are advised to remove it from the web.
Changes since 1.13.2
David Remahl of Apple's Product Security team has identified a number of security issues in previous releases of MediaWiki. Subsequent analysis by the MediaWiki development team expanded the scope of these vulnerabilities. The issues with a significant impact are as follows: * An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 1.13.2. [CVE-2008-5249] * A local script injection vulnerability affecting Internet Explorer clients for all MediaWiki installations with uploads enabled. [CVE-2008-5250] * A local script injection vulnerability affecting clients with SVG scripting capability (such as Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled. [CVE-2008-5250] * A CSRF vulnerability affecting the [/wiki/Special:Import Special:Import] feature, for all MediaWiki installations since the feature was introduced in 1.3.0. [CVE-2008-5252] XSS (cross-site scripting) vulnerabilities allow an attacker to steal an authorised user's login session, and to act as that user on the wiki. The authorised user must visit a web page controlled by the attacker in order to activate the attack. Intranet wikis are vulnerable if the attacker can determine the intranet URL. Local script injection vulnerabilities are like XSS vulnerabilities, except that the attacker must have an account on the local wiki, and there is no external site involved. The attacker uploads a script to the wiki, which another user is tricked into executing, with the effect that the attacker is able to act as the privileged user. CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki, but unlike an XSS vulnerability, the attacker can only act as the user in a specific and restricted way. The present CSRF vulnerability allows pages to be edited, with forged revision histories. Like an XSS vulnerability, the authorised user must visit the malicious web page to activate the attack. These four vulnerabilities are all fixed in this release. David Remahl also reminded us of some security-related configuration issues: * By default, MediaWiki stores a backup of deleted images in the images/deleted directory. If you do not want these images to be publically accessible, make sure this directory is not accessible from the web. MediaWiki takes some steps to avoid leaking these images, but these measures are not perfect. * Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal errors. This is the default on most shared web hosts. * Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may lead to path disclosure. Other changes in this release: * Avoid fatal error in profileinfo.php when not configured. * Add a .htaccess to deleted images directory for additional protection against exposure of deleted files with known SHA-1 hashes on default installations. * Avoid streaming uploaded files to the user via index.php. This allows security-conscious users to serve uploaded files via a different domain, and thus client-side scripts executed from that domain cannot access the login cookies. Affects [/wiki/Special:Undelete Special:Undelete], img_auth.php and thumb.php. * When streaming files via index.php, use the MIME type detected from the file extension, not from the data. This reduces the XSS attack surface. * Blacklist redirects via [/wiki/Special:FilePath Special:Filepath]. Such redirects exacerbate any XSS vulnerabilities involving uploads of files containing scripts. * Internationalisation updates.
Changes since 1.13.1
* Security: Work around misconfiguration by requiring strict comparisons for in_array in User::isAllowed(). * (bug 14944) Added $wgShellLocale for configuration of an appropriate locale to use for LC_CTYPE during shell invocation. For servers that don't have en_US.utf8. Also added locale detection during install. * Localisation updates * Security: Fixed XSS vulnerability in useskin parameter.
Changes since 1.13.0
* (bug 15460) Fixed intermittent deadlock errors and poor concurrent performance for installations without memcached. * (bug 13770) Fixed DOM module detection for installations with both dom and domxml. * (bug 15148) Fixed [/wiki/Special:Block Special:BlockIP] for PostgreSQL * Fixed SQLite support for non-memcached installations * Localisation updates, Achinese (ace) added.
Changes since 1.13.0rc2
* (bug 13770) Fixed incorrect detection of PHP's DOM module * Fix regression from r37834: accesskey tooltip hint should be given for the minor edit and watch labels on the edit page. * Updated Chinese simplified/traditional conversion tables
Changes since 1.13.0rc1
* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 has been $wgSearchForwardUrl. * (bug 14907) DatabasePostgres::fieldType now defined. * (bug 14966) Fix SearchEngineDummy class for silently non-functional search on Sqlite instead of horribly fatal error breaky one. * (bug 14987) Only fix double redirects on page move when the checkbox is checked * (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return address for page update notification mails. * API: Registration time of users registered before the DB field was created is now shown as empty instead of the current time. * (bug 14904): fragments were lost when redirects were fixed. * Added magic word to suppress the redirect fixer * (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries, both bundled with PHP and packaged with distros such as RHEL. * (bug 14944) Shell invocation of external programs such as ImageMagick convert was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
Configuration changes in 1.13
* New option $wgFeed can be set false to turn off syndication feeds * (bug 5745) [/wiki/Special:WhatLinksHere Special:Whatlinkshere] now shows up to $wgMaxRedirectLinksRetrieved links through each redirect instead of hardcoded 500 * Set $wgUploadSizeWarning to false by default * Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms * Removed $wgAlternateMaster, use $wgLBFactoryConf * (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to $wgUserNotifiedOnAllChanges * (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated for only some namespaces * Removed the emailconfirmed implicit group by default. To re-add it, use: $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; in your LocalSettings.php. * (bug 2396) New shared database configuration variables. $wgSharedPrefix allows you to use a shared database with a different prefix. Or you can now use a local database and use prefixes to separate wiki and the shared tables. And the new $wgSharedTables variable allows you to specify a list of tables to share. * Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries * Duplicates of images are now shown on the image page * $wgRCFilterByAge allows for the list of dates in recent changes special pages to be filtered to only those within the range of $wgRCMaxAge * $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and limits displayed on the recent changes special pages * The "createpage" permission is no longer required when uploading if the target image page already exists * $wgMaximumMovedPages restricts the number of pages that can be moved at once (default 100) with the new subpage-move functionality of [/wiki/Special:MovePage Special:Movepage] * Hooks display in [/wiki/Special:Version Special:Version] is now disabled by default, use $wgSpecialVersionShowHooks = true; to enable it. * $wgActiveUserEditCount sets the number of edits that must be performed over a certain number of days to be considered active * $wgActiveUserDays is that number of days * $wgRateLimitsExcludedGroups has been deprecated in favor of $wgGroupPermissions[]['noratelimit']. The former still works, however. * New $wgGroupPermissions option 'move-subpages' added to control bulk-moving subpages along with pages. Assigned to 'user' and 'sysop' by default. * New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output. Default: false * Removed $wgEnableCascadingProtection option. Disabling cascading protection is no longer possible. * $wgMessageCacheType defines now the type of cache used by the MessageCache class, previously it was choosen based on $wgParserCacheType * $wgExtensionAliasesFiles option to simplify adding aliases to special pages provided by extensions, in a similar way to $wgExtensionMessagesFiles * Added $wgXMLMimeTypes, an array of XML mimetypes we can check for with MimeMagic. * Added $wgDirectoryMode, which allows for setting the default CHMOD value when creating new directories. * (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults current behavior.
New features in 1.13
* on a category page causes the category to be hidden on the article page * Do not show edit permissions errors on a red link click, just redirect to the article. This is so that readers who don't know what a red link is are not confused when they are told they are range-blocked. * Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext image syntax output * (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that pre-fills the section title field * (bug 13112) Added [/wiki/Special:RecentChangesLinked Special:RelatedChanges] alias to [/wiki/Special:RecentChangesLinked Special:RecentChangesLinked] * (bug 13130) Moved edit token and autosummary fields above edit tools to reduce broken form submissions * Add --old-redirects-only option to maintenance/refreshLinks.php, to add old redirects to the redirect table * Add links to page and file deletion forms to edit predefined delete reasons * (bug 13269) Added MediaWiki:Uploadfooter to the bottom of [/wiki/Special:Upload Special:Upload] * (bug 2815) Search results for media now use thumbnail instead of text extract * When a page doesn't exist, the tab should say "create", not "edit" * (bug 12882) Added a span with class "patrollink" around "Mark as patrolled" link on diffs * Magic word formatnum can now take raw suffix to undo formatting * Add updatelog table to reliably permit updates that don't change the schema * Add category table to allow better tracking of category membership counts ** (bug 1212) Give correct membership counts on the pages of large categories ** Use category table for more efficient display of [/wiki/Special:Categories Special:Categories] * (bug 1459) Search for duplicate files by hash: [/wiki/Special:FileDuplicateSearch Special:FileDuplicateSearch] * (bug 9447) Added hooks for search result headings * Image redirects are now enabled by default * (bug 13450) Email confirmation can now be canceled before the expiration * (bug 13490) Show upload/file size limit on upload form * Redesign of [/wiki/Special:UserRights Special:UserRights] * Make rev_deleted log entries more intelligible * (bug 6943) Added PAGESINCATEGORY: magic word * (bug 13604) Added [/wiki/Special:ListGroupRights Special:ListGroupRights] * (bug 6332, 8617) Added message 'mainpage-description' as duplicate of 'mainpage' and added it to message 'sidebar' * Automatically add old redirects to the redirect table when needed * (bug 6934) Allow inclusions, links, redirects to be separately toggled on or off on [/wiki/Special:WhatLinksHere Special:WhatLinksHere] * Cache image redirects * (bug 10457) Organize [/wiki/Special:SpecialPages Special:SpecialPages] into sections * Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor to modify the output for edit conflicts * Add class="nested" for <fieldset>s so fieldsets inside fieldsets get a slightly less huge margin and padding * (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format * Allow \C and \Q as TeX commands to match \R, \N, \Z * On [/wiki/Special:UserRights Special:UserRights], when you can add a group you can't remove or remove one you can't add, a notice is printed to warn you * (bug 12698) Create PAGESIZE parser function, to return the size of a page * Allow the "log in / create account" link in the toolbar to have different text from [/wiki/Special:UserLogin Special:UserLogin] title (new message 'nav-login-createaccount') * Say "log in / create account" if an anonymous user can create an account, otherwise just "log in", consistently across skins * [/wiki/Special:ShortPages Special:Shortpages] and [/wiki/Special:LongPages Special:Longpages] now returns pages in all content namespaces, not just NS_MAIN. * (bug 889) Improve conflict-handling between shared upload repository and local one * Update documentation links in auto-generated LocalSettings.php * (bug 13584) The new hook SkinTemplateToolboxEnd was added. * (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL] * Custom rollback summaries now accept the same arguments as the default message * (bug 12542) Added hooks for expansion of [/wiki/Special:ListUsers Special:Listusers] * Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest) * More relevant search snippets (turn on $wgAdvancedSearchHighlighting) * (bug 13950) Allow users to watch the user/talk pages of users they block. * (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet * Show image links on [/wiki/Special:WhatLinksHere Special:Whatlinkshere] * Use rel="start", "prev", "next" appropriately on Pager-based pages * Add support for SQLite * AutoAuthenticate hook renamed to UserLoadFromSession * (bug 13232) importScript(), importStylesheet() funcs available to custom JS * (bug 13095) Search by first letters or digits in [/wiki/Special:Categories Special:Categories] * Users moving a page can now move all subpages automatically as well * (bug 14259) Localisation message for upload button on [/wiki/Special:Import Special:Import] is now 'import-upload' instead of 'upload' * Add information about user group membership to [/wiki/Special:Preferences Special:Preferences] * (bug 14146) Wrap usage section on imagepages into