setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.5 alpha 2 ==
+
+June 3, 2005
+
+MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
+and a security update.
+
+Incorrect handling of page template inclusions made it possible to
+inject JavaScript code into HTML attributes, which could lead to
+cross-site scripting attacks on a publicly editable wiki.
+
+Vulnerable releases and fix:
+* 1.5 prerelease: fixed in 1.5alpha2
+* 1.4 stable series: fixed in 1.4.5
+* 1.3 legacy series: fixed in 1.3.13
+* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
+
+
== MediaWiki 1.5 alpha 1 ==
May 3, 2005
* support for external editors for files and wiki pages:
http://meta.wikimedia.org/wiki/Help:External_editors
* Schema reworking: http://meta.wikimedia.org/wiki/Proposed_Database_Schema_Changes/October_2004
-* New WikiSyntax: -- turns into — or – depending on context
* (bug 15) Allow editors to view diff of their change before actually submitting an edit
* (bug 190) Hide your own edits on the watchlist
* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
* Special:Movepage can now take paramaters like Special:Movepage/Page_to_move
(used to just be able to take paramaters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
-* Deprecated the {{msg:template}} syntax for referring to templates
* (bug 2151) The delete summary now includes editor name, if only one has edited the article.
* (bug 2105) Fixed from argument to the PHP mail() function. A missing space could prevent sending mail with some versions of sendmail.
+* (bug 2228) Updated the Slovak translation
* ...and more!
=== Changes since 1.5alpha1 ===
-* ...various...
* (bug 73) Category sort key is set to file name when adding category to
file description from upload page (previously it would be set to
"Special:Upload", causing problems with category paging)
+* (bug 419) The contents of the navigation toolbar are now editable through
+ the MediaWiki namespace on the MediaWiki:navbar page.
* (bug 498) The Views heading in MonoBook.php is now localizable
* (bug 898) The wiki can now do advanced sanity check on uploaded files
including virus checks using external programs.
-* (bug 2067) Fixed crash on empty quoted HTML attribute
-* (bug 2079) Removed links to Special:Maintenance from movepagetext messages
-* Fix for reading incorrectly re-gzipped HistoryBlob entries
+* (bug 1692) Fix margin on unwatch tab
* (bug 1906) Generalize project namespace for Latin localization, update namespaces
+* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
+* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
+ to preserve the correct flow of text on RTL wikis.
+* (bug 2067) Fixed crash on empty quoted HTML attribute
* (bug 2075) Corrected namespace definitions in Tamil localization
+* (bug 2079) Removed links to Special:Maintenance from movepagetext message
+* (bug 2094) Multiple use of a template produced wrong results in some cases
+* (bug 2095) Triple-closing-bracket thing partly fixed
+* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
+* (bug 2150) Fix tab indexes on edit form
+* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
+* (bug 2176) Section edit 'show changes' button works correctly now
+* (bug 2178) Use temp dir from environment in parser tests
+* (bug 2217) Negative ISO years were incorrectly converted to BC notation
+* (bug 2234) allow special chars in database passwords during install
+* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
+ now the wikisyntax representation of wfMsgForContent()
+* Fix for reading incorrectly re-gzipped HistoryBlob entries
+* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
+ multiple-revision pulls
* Add $wgLegacySchemaConversion update-time option to reduce amount of
copying during the schema upgrade: creates HistoryBlobCurStub reference
records in text instead of copying all the cur_text fields. Requires
that the cur table be left in place until/unless such fields are migrated
into the main text store.
-* (bug 1692) Fix margin on unwatch tab
-* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs"
-* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
- multiple-revision pulls
* Special:Export now includes page, revision, and user id numbers by
default (previously this was disabled for no particular reason)
* dumpBackup.php can dump the full database to Export XML, with current
revisions only or complete histories.
-* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
- to preserve the correct flow of text on RTL wikis.
-* (bug 2150) Fix tab indexes on edit form
-* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
-* Group table renamed.....?
-* (bug 2178) Use temp dir from environment in parser tests
-* (bug 2176) Section edit 'show changes' button works correctly now
+* The group table was renamed to groups because "group" is a reserved word in
+ SQL which caused some inconveniances.
* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o,
ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE
crystalsvg theme.
* Fixed a bug in Special:Newimages that made it impossible to search for '0'
-* (bug 2095) Triple-closing-bracket thing partly fixed
-* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
-
+* Added language variant support for Icelandic, now supports "Íslenzka"
+* The #p-nav id in MonoBook is now #p-navigation
+* Putting $4 in msg:userstatstext will now give the percentage of
+ admnistrators out of normal users.
+* links and brokenlinks tables merged to pagelinks; this will reduce pain
+ dealing with moves and deletes of widely-linked pages.
+* Add validate table and val_ip column through the updater.
+* Simple rate limiter for edits and page moves; set $wgRateLimits
+ (somewhat experimental; currently needs memcached)
+* (bug 2262) Hide math preferences when TeX is not enabled
+* (bug 2267) Don't generate thumbnail at the same size as the source image.
+* Fix rebuildtextindex.inc for new schema
+* Remove linkscc table code, no longer used.
+* (bug 2271) Use faster text-only link replacement in image alt text
+ instead of rerunning expensive link lookup and HTML generation.
+* Only build the HTML attribute whitelist tree once.
+* Replace wfMungeToUtf8 and do_html_entity_decode with a single function
+ that does both numeric and named chars: Sanitizer::decodeCharReferences
+* Removed some obsolete UTF-8 converter functions
+* Fix function comment in debug dump of SQL statements
+* (bug 2275) Update search index more or less right on page move
+* (bug 2053) Move comment whitespace trimming from edit page to save;
+ leaves the whitespace from the section comment there on preview.
+* (bug 2274) Respect stub threshold in category page list
+* (bug 2173) Fatal error when removing an article with an empty title from the watchlist
+* Removed -f parameter from mail() usage, likely to cause failures and bounces.
+* (bug 2130) Fixed interwiki links with fragments
+* (bug 684) Accept an attribute parameter array on parser hook tags
+* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
+ LDAP authentication plugin
+* (bug 2034) Armor HTML attributes against template inclusion and links munging
+
+=== Changes since 1.5alpha2 ===
+
+* (bug 2319) Fix parse hook tag matching
+* (bug 2329) Fix title formatting in several special pages
+* (bug 2223) Add unique index on user_name field to prevent duplicate accounts
+* (bug 1976) fix shared user database with a table prefix set
+* (bug 2334) Accept null for attribs in wfElement without PHP warning
+* (bug 2309) Allow templates and template parameters in HTML attribute zone,
+ with proper validation checks. (regression from fix for 2304)
+* Disallow close tags and enforce empty tags for <hr> and <br>
+* Changed user_groups format quite a bit.
+* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
+* (bug 2367) Insert correct redirect link record on page move
+* (bug 2372) Fix rendering of empty-title inline interwiki links
+* (bug 2384) Fix typo in regex for IP address checking
+* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible
+ version conflict is detected
+* (bug 2394) Undo incompatible breakage to {{msg:}} compatiblity includes
+* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
+ when the default charset is set to utf8
+* (bug 2400) don't send confirmation mail on account creation if
+ $wgEmailAuthentication is false.
+* (bug 2172) Fix problem with nowiki beeing replaced by marker strings
+ when a template with a gallery was used.
+* Guard Special:Userrights against form submission forgery
+* (bug 2408) page_is_new was inverted (whoops!)
+* Added wfMsgHtml() function for escaping messages and leaving params intact
+* Fix ordering of Special:Listusers; fix groups list so it shows all groups
+ when searching for a specific group and can't be split across pages
+* (bug 1702) Display a handy upload link instead of a useless blank link
+ for [[media:]] links to nonexistent files.
+* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
+* (bug 1805) Initialise $wgContLang before $wgUser
+* (bug 2277) Added Friulian language file
+* (bug 2457) The "Special page" href now links to the current special page
+ rather than to "".
+* (bug 1120) Updated the Czech translation
+* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath
+* A new magic word, {{SERVERNAME}}, returns $wgServerName
+* Special:Imagelist displays titles with " " instead of "_"
+* Less gratuitous munging of content sample in delete summary
+* badaccess/badaccesstext to supercede sysop*, developer* messages
+* Changed $wgGroupPermissions to more cut-n-paste-friendly format
+* 'developer' group deprecated by default
+* Special:Upload now uses 'upload' permission instead of hardcoding login check
+* Add 'importupload' permission to disable direct uploads to Special:Import
+* (bug 2459) Correct escaping in Special:Log prev/next links
+* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many
+ things for the current parser to handle cleanly
+* (bug 2467) Added a Turkish language file
+* Fixed a bug in Special:Contributions that caused the namespace selection to
+ be forgotten between submits
+* Special:Watchlist/edit now has namespace subheadings
+* (bug 1714) the "Save page" button now has right margin to seperate it from
+ "Show preview" and "Show changes"
+* Special:Statistics now supports action=raw, useful for bots designed to
+ harwest e.g. article counts from multiple wikis.
+* The copyright confirmation box at Special:Upload is now turned off by default
+ and can be turned back on by setting $wgCopyrightAffirmation to a true value.
+* Restored prior text for password reminder button and e-mail, replacing
+ the factually inaccurate text that was there.
+* (bug 2178) Fix temp dir check again
+* (bug 2488) Format 'deletedtext' message as wikitext
+* (bug 750) Keep line endings consistent in LocalSettings.php
+* (bug 1577) Add 'printable version' tab in MonoBook for people who don't
+ realize you can just hit print to get a nicely formatted printable page.
+* Trim whitespace from option values to weather line-ending corruption problems
+* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA)
+* (bug 2504) Updated the Finnish translation
+* (bug 2506) Updated the Nynorsk translation
+* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
+ documentation about edit and read whitelists.
=== Caveats ===
dépôts / lhc / web / wiklou.git / blobdiff