From bba17020d2d375efda9be4b1c439713f6e7dc77b Mon Sep 17 00:00:00 2001 From: "James D. Forrester" Date: Thu, 27 Apr 2017 14:02:10 -0700 Subject: [PATCH] Move RELEASE-NOTES-1.29 to HISTORY Changes to master that are going to be immediately backported to REL1_29 before release should write changes to HISTORY directly. Change-Id: Ia3e02293b13406e7a4741ef14897dd83bca98d46 --- HISTORY | 339 +++++++++++++++++++++++++++++++++++++- RELEASE-NOTES-1.29 | 395 --------------------------------------------- 2 files changed, 338 insertions(+), 396 deletions(-) delete mode 100644 RELEASE-NOTES-1.29 diff --git a/HISTORY b/HISTORY index c6ce06c698..be90221143 100644 --- a/HISTORY +++ b/HISTORY @@ -1,4 +1,341 @@ -Change notes from older releases. For current info see RELEASE-NOTES-1.29. +Change notes from older releases. For current info see RELEASE-NOTES-1.30. + += MediaWiki 1.29 = + +== MediaWiki 1.29.0 == + +=== Configuration changes in 1.29 === +* Default cookie expiration time has been reduced to 30 days. Login cookie + expiration time is kept at 180 days. +* A new configuration variable has been added: $wgCookieSetOnAutoblock. This + determines whether to set a cookie when a user is autoblocked. Doing so means + that a blocked user, even after logging out and moving to a new IP address, + will still be blocked. +* The resetpassword right and associated password reset capture feature has + been removed. +* The $error parameter to the EmailUser hook should be set to a Status object + or boolean false. This should be compatible with at least MediaWiki 1.23 if + not earlier. Returning a raw HTML string is now deprecated. +* The $message parameter to the ApiCheckCanExecute hook should be set to an + ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a + code for ApiBase::parseMsg() will no longer work. +* ApiBase::$messageMap is no longer public. Code attempting to access it will + result in a PHP fatal error. +* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC + policies. +* Subpages are now enabled by default in the Template namespace. Set + $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior. +* $wgRunJobsAsync is now false by default (T142751). This change only affects + wikis with $wgJobRunRate > 0. +* A temporary feature flag, $wgDisableUserGroupExpiry, is provided to disable + new features that rely on the schema changes to the user_groups table. This + feature flag will likely be removed before 1.29 is released. +* (T158474) "Unknown user" has been added to $wgReservedUsernames. +* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs. +* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be + added to $wgExtraLanguageCodes instead. +* (T161453) LocalisationCache will no longer use the temporary directory in it's + fallback chain when trying to work out where to write the cache. +* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use + 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead. + +=== New features in 1.29 === +* (T5233) A cookie can now be set when a user is autoblocked, to track that user + if they move to a new IP address. This is disabled by default. +* Added ILocalizedException interface to standardize the use of localized + exceptions, largely so the API can handle them more sensibly. +* Blocks created automatically by MediaWiki, such as for configured proxies or + dnsbls, are now indicated as such and use a new i18n message when displayed. +* Added new $wgHTTPImportTimeout setting. Sets timeout for + downloading the XML dump during a transwiki import in seconds. +* Parser limit report is now available in machine-readable format to JavaScript + via mw.config.get('wgPageParseReport'). +* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits + from certain IP ranges (e.g. private IPs). +* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code + of the page being parsed. +* HTML5 form validation attributes will no longer be suppressed. Originally + browsers had poor support for them, but modern browsers handle them fine. + This might affect some forms that used them and only worked because the + attributes were not actually being set. +* Expiry times can now be specified when users are added to user groups. +* Completely new user interface for the RecentChanges page, which + structures filters into user-friendly groups. This has corresponding + changes to how filters are registered by core and extensions. +* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input. + Because this change can cause problems for extensions and on-wiki + scripts depending on the exact HTML, the old version is still available + and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php. + This will be removed later and OOjs UI will become the only option. + To make testing easier, users can also force either mode by adding + &ooui=true or &ooui=false to the action=edit URL. + +=== External library changes in 1.29 === + +==== Upgraded external libraries ==== +* Updated QUnit from v1.22.0 to v1.23.1. +* Updated cssjanus from v1.1.2 to v1.2.0. +* Updated psr/log from v1.0.0 to v1.0.2. +* Update Moment.js from v2.8.4 to v2.15.0. +* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. +* Updated monolog from v1.18.2 to 1.22.1. +* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. +* Updated OOjs from v1.1.10 to v2.0.0. +* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0). + +==== New external libraries ==== +* Added wikimedia/timestamp v1.0.0. +* Added wikimedia/remex-html v1.0.1. + +==== Removed and replaced external libraries ==== + +=== Bug fixes in 1.29 === +* (T62604) Core parser functions returning a number now format the number according + to the page content language, not wiki content language. +* (T27187) Search suggestions based on jquery.suggestions will now correctly only + highlight prefix matches in the results. +* (T157035) "new mw.Uri()" was ignoring options when using default URI. +* Special:Allpages can no longer be filtered by redirect in miser mode. +* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed. +* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect + to interwiki links. +* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when + $wgAdvancedSearchHighlighting is true. +* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep + their values out of the logs. +* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF + token. +* (T156184) SECURITY: Escape content model/format url parameter in message. +* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD + declaration. +* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory + in it's fallback chain when trying to work out where to write the cache. +* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion + syntax's link parameter. +* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against + it. + +=== Action API changes in 1.29 === +* Submitting sensitive authentication request parameters to action=login, + action=clientlogin, action=createaccount, action=linkaccount, and + action=changeauthenticationdata in the query string is now an error. They + should be submitted in the POST body instead. +* The capture option for action=resetpassword has been removed +* action=clearhasmsg now requires a POST. +* (T47843) API errors and warnings may be requested in non-English languages + using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters. +* API error codes may have changed. Most notably, errors from modules using + parameter prefixes (e.g. all query submodules) will no longer be prefixed. +* ApiPageSet-using modules will report the 'invalidreason' using the specified + 'errorformat'. +* action=emailuser may return a "Warnings" status, and now returns 'warnings' and + 'errors' subelements (as applicable) instead of 'message'. +* action=imagerotate returns an 'errors' subelement rather than 'errormessage'. +* action=move now reports errors when moving the talk page as an array under + key 'talkmove-errors', rather than using 'talkmove-error-code' and + 'talkmove-error-info'. The format for subpage move errors has also changed. +* action=revisiondelete no longer includes a "rendered" property on warnings + and errors for each item. Use errorformat=wikitext if you're wanting parsed + output. +* action=rollback no longer returns a "messageHtml" property. Use + errorformat=html if you're wanting HTML formatting of error messages. +* action=upload now reports optional stash failures as an array under key + 'stasherrors' rather than a 'stashfailed' text string. +* action=watch reports 'errors' and 'warnings' instead of a single 'error', and + no longer returns a 'message' on success. +* Added action=validatepassword to validate passwords for the account creation + and password change forms. +* action=purge now requires a POST. +* There is a new `languagevariants` siprop for action=query&meta=siteinfo, + which returns a list of languages with active LanguageConverter instances. +* action=query&query=allpages will no longer filter redirects using a database + query in miser mode. This may result in less results being returned than were + requested. + +=== Action API internal changes in 1.29 === +* New methods were added to ApiBase to handle errors and warnings using i18n + keys. Methods for using hard-coded English messages were deprecated: + * ApiBase::dieUsage() was deprecated + * ApiBase::dieUsageMsg() was deprecated + * ApiBase::dieUsageMsgOrDebug() was deprecated + * ApiBase::getErrorFromStatus() was deprecated + * ApiBase::parseMsg() was deprecated + * ApiBase::setWarning() was deprecated +* ApiBase::$messageMap is no longer public. Code attempting to access it will + result in a PHP fatal error. +* The $message parameter to the ApiCheckCanExecute hook should be set to an + ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a + code for ApiBase::parseMsg() will no longer work. +* UsageException is deprecated in favor of ApiUsageException. For the time + being ApiUsageException is a subclass of UsageException to allow things that + catch only UsageException to still function properly. +* If, for some strange reason, code was using an ApiErrorFormatter instead of + ApiErrorFormatter_BackCompat, note that the result format has changed and + various methods now take a module path rather than a module name. +* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes + from the message key, and maps some message keys for backwards compatibility. +* API parameters may now be marked as "sensitive" to keep their values out of + the logs. + +=== Languages updated in 1.29 === + +MediaWiki supports over 350 languages. Many localisations are updated +regularly. Below only new and removed languages are listed, as well as +changes to languages because of Phabricator reports. + +* Based as always on linguistic studies on intelligibility and language + knowledge by geography, language fallbacks have been expanded. When a + translation is missing in the user's preferred interface language, the + corresponding translation for the fallback language will be used instead. + English will only be used as last resort when there are no translations. + Some configurations (such as date formats and gender namespaces) have also + been updated when using the fallback language's configuration was inadequate. + The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): + ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; + sh → bs, sr-el, hr. +* (T137376) New language support: Atikamekw (atj). +* (T163600) New language support: Dinka (din). +* (T155957) Talk Namespaces for Javanese language (jv) have been updated. + +==== No fallback for Ukrainian ==== +* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian + language will now use the default fallback language: English. When a translation + to Ukrainian is not available, an English string will be shown. + +=== Other changes in 1.29 === +* Database::getSearchEngine() (deprecated in 1.28) was removed. Use + SearchEngineFactory::getSearchEngineClass() instead. +* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is + required as all sessions are stored in Object Cache now. +* MWHttpRequest::execute() should be considered to return a StatusValue; the + Status return type is deprecated. +* User::edits() (deprecated in 1.21) was removed. +* Xml::escapeJsString() (deprecated in 1.21) was removed. +* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21) + were removed. +* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21) + were removed. +* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom + instead. +* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed. +* Class RevisiondeleteAction (deprecated in 1.25) was removed. +* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed. +* WikiPage::getText() (deprecated in 1.21) was removed. +* Article::fetchContent() (deprecated in 1.21) was removed. +* User::getPassword() (deprecated in 1.27) was removed. +* User::getTemporaryPassword() (deprecated in 1.27) was removed. +* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed. +* Class FSRepo (deprecated in 1.19) was removed. +* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use + \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead. +* Class ImageGallery (deprecated in 1.22) was removed. + Use ImageGalleryBase::factory instead. +* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead. +* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now + emit warnings). Create a subclass of Action and add it to $wgActions instead. +* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated. +* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed. +* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed. +* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed. +* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed. +* RedisConnectionPool::handleException (deprecated since 1.23) was removed. +* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete + and outdated lists of errors/warnings returned by the API, are now deprecated. +* wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml" + URLs to continue to work, set up redirects. In Apache, this can be done by enabling + mod_rewrite and adding the following rules to your configuration: + + RewriteEngine On + RewriteBase / + RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L] +* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed. + Use ArticleAfterFetchContentObject instead. +* Hook ArticleInsertComplete (deprecated in 1.21) was removed. + Use PageContentInsertComplete instead. +* Hook ArticleSave (deprecated in 1.21) was removed. + Use PageContentSave instead. +* Hook ArticleSaveComplete (deprecated in 1.21) was removed. + Use PageContentSaveComplete instead. +* Hook EditFilterMerged (deprecated in 1.21) was removed. + Use EditFilterMergedContent instead. +* Hook EditPageGetPreviewText (deprecated in 1.21) was removed. + Use EditPageGetPreviewContent instead. +* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed. + Use ContentHandlerDefaultModelFor instead. +* Hook TitleIsWikitextPage (deprecated in 1.21) was removed. + Use ContentHandlerDefaultModelFor instead. +* Article::getContent() (deprecated in 1.21) was removed. +* Revision::getText() (deprecated in 1.21) was removed. +* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed. +* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed. +* Article::doEditContent() was marked as deprecated, to be removed in 1.30 + or later. +* ContentHandler::runLegacyHooks() was removed. +* refreshLinks.php now can be limited to a particular category with --category=... + or a tracking category with --tracking-category=... +* User-like objects that are passed to SpecialUserRights and its subclasses are + now required to have a getGroupMemberships() method. See UserRightsProxy for + an example. +* User::$mGroups (instance variable) was marked private. Use User::getGroups() + instead. +* User::getGroupName(), User::getGroupMember(), User:getGroupPage(), + User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated. + Use equivalent methods on the UserGroupMembership class. +* Maintenance scripts and tests that call User::addGroup() must now ensure that + User objects have been added to the database prior to calling addGroup(). +* Protected function UsersPager::getGroups() was removed, and protected function + UsersPager::buildGroupLink() was changed from a static to an instance method. +* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; + see docs/hooks.txt. +* User::crypt() (deprecated in 1.24) was removed. +* User::comparePasswords() (deprecated in 1.24) was removed. +* ArchivedFile::getUserText() (deprecated in 1.23) was removed. +* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed. +* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage + and subclasses. It should only break if you call buildMainQueryConds + (changed to buildQuery with new signature) or doMainQuery (new + signature). Subclasses are likely to call at least doMainQuery + (possibly both), but other classes might too, because they were + public. + Also, some related hooks were deprecated, but this is not yet a + breaking change. +* Removed 'jquery.arrowSteps' module. (deprecated since 1.28) +* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated. +* WikiRevision::$fileIsTemp was deprecated. +* WikiRevision::$importer was deprecated. +* WikiRevision::$user was deprecated. +* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the + WikiPage::PURGE_* constants are deprecated, and the functions will always + return false. They were a hack for an issue that has since been fixed. +* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook + 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' + if you don't actually care about checkboxes and just want to add some HTML + to the page. +* Selflinks are now rendered as href-less tags with the class mw-selflink + rather than tags. The old class name, "selflink", was deprecated + and will be removed in a future release. (T160480) +* (T156184) $wgRawHtml will no longer apply to internationalization messages. +* Browser support for non-ES5 JavaScript browsers, including Android 2, + Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. +* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755): + is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, + webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, + opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, + ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent, + addClickHandler, removeHandler, getElementsByClassName, getInnerText, + setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons, + mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes, + escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix, + tooltipAccessKeyRegexp, updateTooltipAccessKeys. +* The ID of the
  • element containing the login link has changed from + 'pt-login' to 'pt-login-private' in private wikis. +* The old, neglected "bulletin board style toolbar" in the edit form is now + deprecated (T30856). This old code dates from 2006, and was replaced in the + MediaWiki release tarball and in Wikimedia production by the WikiEditor + extension in 2010. It is only shown to users if no other editor was + installed, and leads to confusion. +* (T92459) Loading ResourceLoader modules containing JavaScript through + addModuleStyles() is deprecated and will log a warning server-side. = MediaWiki 1.28 = diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 deleted file mode 100644 index 9a86f94409..0000000000 --- a/RELEASE-NOTES-1.29 +++ /dev/null @@ -1,395 +0,0 @@ -== MediaWiki 1.29 == - -THIS IS NOT A RELEASE YET - -MediaWiki 1.29 is an alpha-quality branch and is not recommended for use in -production. - -=== Configuration changes in 1.29 === -* Default cookie expiration time has been reduced to 30 days. Login cookie - expiration time is kept at 180 days. -* A new configuration variable has been added: $wgCookieSetOnAutoblock. This - determines whether to set a cookie when a user is autoblocked. Doing so means - that a blocked user, even after logging out and moving to a new IP address, - will still be blocked. -* The resetpassword right and associated password reset capture feature has - been removed. -* The $error parameter to the EmailUser hook should be set to a Status object - or boolean false. This should be compatible with at least MediaWiki 1.23 if - not earlier. Returning a raw HTML string is now deprecated. -* The $message parameter to the ApiCheckCanExecute hook should be set to an - ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a - code for ApiBase::parseMsg() will no longer work. -* ApiBase::$messageMap is no longer public. Code attempting to access it will - result in a PHP fatal error. -* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC - policies. -* Subpages are now enabled by default in the Template namespace. Set - $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior. -* $wgRunJobsAsync is now false by default (T142751). This change only affects - wikis with $wgJobRunRate > 0. -* A temporary feature flag, $wgDisableUserGroupExpiry, is provided to disable - new features that rely on the schema changes to the user_groups table. This - feature flag will likely be removed before 1.29 is released. -* (T158474) "Unknown user" has been added to $wgReservedUsernames. -* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs. -* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be - added to $wgExtraLanguageCodes instead. -* (T161453) LocalisationCache will no longer use the temporary directory in it's - fallback chain when trying to work out where to write the cache. -* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use - 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead. - -=== New features in 1.29 === -* (T5233) A cookie can now be set when a user is autoblocked, to track that user - if they move to a new IP address. This is disabled by default. -* Added ILocalizedException interface to standardize the use of localized - exceptions, largely so the API can handle them more sensibly. -* Blocks created automatically by MediaWiki, such as for configured proxies or - dnsbls, are now indicated as such and use a new i18n message when displayed. -* Added new $wgHTTPImportTimeout setting. Sets timeout for - downloading the XML dump during a transwiki import in seconds. -* Parser limit report is now available in machine-readable format to JavaScript - via mw.config.get('wgPageParseReport'). -* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits - from certain IP ranges (e.g. private IPs). -* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code - of the page being parsed. -* HTML5 form validation attributes will no longer be suppressed. Originally - browsers had poor support for them, but modern browsers handle them fine. - This might affect some forms that used them and only worked because the - attributes were not actually being set. -* Expiry times can now be specified when users are added to user groups. -* Completely new user interface for the RecentChanges page, which - structures filters into user-friendly groups. This has corresponding - changes to how filters are registered by core and extensions. -* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input. - Because this change can cause problems for extensions and on-wiki - scripts depending on the exact HTML, the old version is still available - and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php. - This will be removed later and OOjs UI will become the only option. - To make testing easier, users can also force either mode by adding - &ooui=true or &ooui=false to the action=edit URL. - -=== External library changes in 1.29 === - -==== Upgraded external libraries ==== -* Updated QUnit from v1.22.0 to v1.23.1. -* Updated cssjanus from v1.1.2 to v1.2.0. -* Updated psr/log from v1.0.0 to v1.0.2. -* Update Moment.js from v2.8.4 to v2.15.0. -* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. -* Updated monolog from v1.18.2 to 1.22.1. -* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. -* Updated OOjs from v1.1.10 to v2.0.0. -* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0). - -==== New external libraries ==== -* Added wikimedia/timestamp v1.0.0. -* Added wikimedia/remex-html v1.0.1. - -==== Removed and replaced external libraries ==== - -=== Bug fixes in 1.29 === -* (T62604) Core parser functions returning a number now format the number according - to the page content language, not wiki content language. -* (T27187) Search suggestions based on jquery.suggestions will now correctly only - highlight prefix matches in the results. -* (T157035) "new mw.Uri()" was ignoring options when using default URI. -* Special:Allpages can no longer be filtered by redirect in miser mode. -* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed. -* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect - to interwiki links. -* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when - $wgAdvancedSearchHighlighting is true. -* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep - their values out of the logs. -* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF - token. -* (T156184) SECURITY: Escape content model/format url parameter in message. -* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD - declaration. -* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory - in it's fallback chain when trying to work out where to write the cache. -* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion - syntax's link parameter. -* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against - it. - -=== Action API changes in 1.29 === -* Submitting sensitive authentication request parameters to action=login, - action=clientlogin, action=createaccount, action=linkaccount, and - action=changeauthenticationdata in the query string is now an error. They - should be submitted in the POST body instead. -* The capture option for action=resetpassword has been removed -* action=clearhasmsg now requires a POST. -* (T47843) API errors and warnings may be requested in non-English languages - using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters. -* API error codes may have changed. Most notably, errors from modules using - parameter prefixes (e.g. all query submodules) will no longer be prefixed. -* ApiPageSet-using modules will report the 'invalidreason' using the specified - 'errorformat'. -* action=emailuser may return a "Warnings" status, and now returns 'warnings' and - 'errors' subelements (as applicable) instead of 'message'. -* action=imagerotate returns an 'errors' subelement rather than 'errormessage'. -* action=move now reports errors when moving the talk page as an array under - key 'talkmove-errors', rather than using 'talkmove-error-code' and - 'talkmove-error-info'. The format for subpage move errors has also changed. -* action=revisiondelete no longer includes a "rendered" property on warnings - and errors for each item. Use errorformat=wikitext if you're wanting parsed - output. -* action=rollback no longer returns a "messageHtml" property. Use - errorformat=html if you're wanting HTML formatting of error messages. -* action=upload now reports optional stash failures as an array under key - 'stasherrors' rather than a 'stashfailed' text string. -* action=watch reports 'errors' and 'warnings' instead of a single 'error', and - no longer returns a 'message' on success. -* Added action=validatepassword to validate passwords for the account creation - and password change forms. -* action=purge now requires a POST. -* There is a new `languagevariants` siprop for action=query&meta=siteinfo, - which returns a list of languages with active LanguageConverter instances. -* action=query&query=allpages will no longer filter redirects using a database - query in miser mode. This may result in less results being returned than were - requested. - -=== Action API internal changes in 1.29 === -* New methods were added to ApiBase to handle errors and warnings using i18n - keys. Methods for using hard-coded English messages were deprecated: - * ApiBase::dieUsage() was deprecated - * ApiBase::dieUsageMsg() was deprecated - * ApiBase::dieUsageMsgOrDebug() was deprecated - * ApiBase::getErrorFromStatus() was deprecated - * ApiBase::parseMsg() was deprecated - * ApiBase::setWarning() was deprecated -* ApiBase::$messageMap is no longer public. Code attempting to access it will - result in a PHP fatal error. -* The $message parameter to the ApiCheckCanExecute hook should be set to an - ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a - code for ApiBase::parseMsg() will no longer work. -* UsageException is deprecated in favor of ApiUsageException. For the time - being ApiUsageException is a subclass of UsageException to allow things that - catch only UsageException to still function properly. -* If, for some strange reason, code was using an ApiErrorFormatter instead of - ApiErrorFormatter_BackCompat, note that the result format has changed and - various methods now take a module path rather than a module name. -* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes - from the message key, and maps some message keys for backwards compatibility. -* API parameters may now be marked as "sensitive" to keep their values out of - the logs. - -=== Languages updated in 1.29 === - -MediaWiki supports over 350 languages. Many localisations are updated -regularly. Below only new and removed languages are listed, as well as -changes to languages because of Phabricator reports. - -* Based as always on linguistic studies on intelligibility and language - knowledge by geography, language fallbacks have been expanded. When a - translation is missing in the user's preferred interface language, the - corresponding translation for the fallback language will be used instead. - English will only be used as last resort when there are no translations. - Some configurations (such as date formats and gender namespaces) have also - been updated when using the fallback language's configuration was inadequate. - The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): - ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; - sh → bs, sr-el, hr. -* (T137376) New language support: Atikamekw (atj). -* (T163600) New language support: Dinka (din). -* (T155957) Talk Namespaces for Javanese language (jv) have been updated. - -==== No fallback for Ukrainian ==== -* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian - language will now use the default fallback language: English. When a translation - to Ukrainian is not available, an English string will be shown. - -=== Other changes in 1.29 === -* Database::getSearchEngine() (deprecated in 1.28) was removed. Use - SearchEngineFactory::getSearchEngineClass() instead. -* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is - required as all sessions are stored in Object Cache now. -* MWHttpRequest::execute() should be considered to return a StatusValue; the - Status return type is deprecated. -* User::edits() (deprecated in 1.21) was removed. -* Xml::escapeJsString() (deprecated in 1.21) was removed. -* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21) - were removed. -* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21) - were removed. -* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom - instead. -* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed. -* Class RevisiondeleteAction (deprecated in 1.25) was removed. -* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed. -* WikiPage::getText() (deprecated in 1.21) was removed. -* Article::fetchContent() (deprecated in 1.21) was removed. -* User::getPassword() (deprecated in 1.27) was removed. -* User::getTemporaryPassword() (deprecated in 1.27) was removed. -* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed. -* Class FSRepo (deprecated in 1.19) was removed. -* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use - \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead. -* Class ImageGallery (deprecated in 1.22) was removed. - Use ImageGalleryBase::factory instead. -* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead. -* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now - emit warnings). Create a subclass of Action and add it to $wgActions instead. -* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated. -* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed. -* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed. -* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed. -* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed. -* RedisConnectionPool::handleException (deprecated since 1.23) was removed. -* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete - and outdated lists of errors/warnings returned by the API, are now deprecated. -* wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml" - URLs to continue to work, set up redirects. In Apache, this can be done by enabling - mod_rewrite and adding the following rules to your configuration: - - RewriteEngine On - RewriteBase / - RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L] -* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed. - Use ArticleAfterFetchContentObject instead. -* Hook ArticleInsertComplete (deprecated in 1.21) was removed. - Use PageContentInsertComplete instead. -* Hook ArticleSave (deprecated in 1.21) was removed. - Use PageContentSave instead. -* Hook ArticleSaveComplete (deprecated in 1.21) was removed. - Use PageContentSaveComplete instead. -* Hook EditFilterMerged (deprecated in 1.21) was removed. - Use EditFilterMergedContent instead. -* Hook EditPageGetPreviewText (deprecated in 1.21) was removed. - Use EditPageGetPreviewContent instead. -* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed. - Use ContentHandlerDefaultModelFor instead. -* Hook TitleIsWikitextPage (deprecated in 1.21) was removed. - Use ContentHandlerDefaultModelFor instead. -* Article::getContent() (deprecated in 1.21) was removed. -* Revision::getText() (deprecated in 1.21) was removed. -* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed. -* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed. -* Article::doEditContent() was marked as deprecated, to be removed in 1.30 - or later. -* ContentHandler::runLegacyHooks() was removed. -* refreshLinks.php now can be limited to a particular category with --category=... - or a tracking category with --tracking-category=... -* User-like objects that are passed to SpecialUserRights and its subclasses are - now required to have a getGroupMemberships() method. See UserRightsProxy for - an example. -* User::$mGroups (instance variable) was marked private. Use User::getGroups() - instead. -* User::getGroupName(), User::getGroupMember(), User:getGroupPage(), - User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated. - Use equivalent methods on the UserGroupMembership class. -* Maintenance scripts and tests that call User::addGroup() must now ensure that - User objects have been added to the database prior to calling addGroup(). -* Protected function UsersPager::getGroups() was removed, and protected function - UsersPager::buildGroupLink() was changed from a static to an instance method. -* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; - see docs/hooks.txt. -* User::crypt() (deprecated in 1.24) was removed. -* User::comparePasswords() (deprecated in 1.24) was removed. -* ArchivedFile::getUserText() (deprecated in 1.23) was removed. -* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed. -* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage - and subclasses. It should only break if you call buildMainQueryConds - (changed to buildQuery with new signature) or doMainQuery (new - signature). Subclasses are likely to call at least doMainQuery - (possibly both), but other classes might too, because they were - public. - Also, some related hooks were deprecated, but this is not yet a - breaking change. -* Removed 'jquery.arrowSteps' module. (deprecated since 1.28) -* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated. -* WikiRevision::$fileIsTemp was deprecated. -* WikiRevision::$importer was deprecated. -* WikiRevision::$user was deprecated. -* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the - WikiPage::PURGE_* constants are deprecated, and the functions will always - return false. They were a hack for an issue that has since been fixed. -* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook - 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' - if you don't actually care about checkboxes and just want to add some HTML - to the page. -* Selflinks are now rendered as href-less tags with the class mw-selflink - rather than tags. The old class name, "selflink", was deprecated - and will be removed in a future release. (T160480) -* (T156184) $wgRawHtml will no longer apply to internationalization messages. -* Browser support for non-ES5 JavaScript browsers, including Android 2, - Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. -* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755): - is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, - webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, - opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, - ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent, - addClickHandler, removeHandler, getElementsByClassName, getInnerText, - setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons, - mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes, - escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix, - tooltipAccessKeyRegexp, updateTooltipAccessKeys. -* The ID of the
  • element containing the login link has changed from - 'pt-login' to 'pt-login-private' in private wikis. -* The old, neglected "bulletin board style toolbar" in the edit form is now - deprecated (T30856). This old code dates from 2006, and was replaced in the - MediaWiki release tarball and in Wikimedia production by the WikiEditor - extension in 2010. It is only shown to users if no other editor was - installed, and leads to confusion. -* (T92459) Loading ResourceLoader modules containing JavaScript through - addModuleStyles() is deprecated and will log a warning server-side. - -== Compatibility == - -MediaWiki 1.29 requires PHP 5.5.9 or later. There is experimental support for -HHVM 3.6.5 or later. - -MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, -but support for them is somewhat less mature. There is experimental support for -Oracle and Microsoft SQL Server. - -The supported versions are: - -* MySQL 5.0.3 or later -* PostgreSQL 8.3 or later -* SQLite 3.3.7 or later -* Oracle 9.0.1 or later -* Microsoft SQL Server 2005 (9.00.1399) - -== Upgrading == - -1.29 has several database changes since 1.28, and will not work without schema -updates. Note that due to changes to some very large tables like the revision -table, the schema update may take quite long (minutes on a medium sized site, -many hours on a large site). - -Don't forget to always back up your database before upgrading! - -See the file UPGRADE for more detailed upgrade instructions, including -important information when upgrading from versions prior to 1.11. - -For notes on 1.28.x and older releases, see HISTORY. - -== Online documentation == - -Documentation for both end-users and site administrators is available on -MediaWiki.org, and is covered under the GNU Free Documentation License (except -for pages that explicitly state that their contents are in the public domain): - - https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation - -== Mailing list == - -A mailing list is available for MediaWiki user support and discussion: - - https://lists.wikimedia.org/mailman/listinfo/mediawiki-l - -A low-traffic announcements-only list is also available: - - https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce - -It's highly recommended that you sign up for one of these lists if you're -going to run a public MediaWiki, so you can be notified of security fixes. - -== IRC help == - -There's usually someone online in #mediawiki on irc.freenode.net. -- 2.20.1