* Assign rollback permission to ALL logged-in users by default. This seems to be...

[lhc/web/wiklou.git] / RELEASE-NOTES

= MediaWiki release notes =

Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.

== MediaWiki 1.12 ==

THIS IS NOT A RELEASE YET

MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.

Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.

Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN

=== Configuration changes in 1.12 ===
* Marking edits as bot edits with Special:Contributions?bot=1 now requires the
  markbotedit permission, rather than the rollback permission previously used.
  This permission is assigned by default to the sysop group.
* MediaWiki now checks if serialized files are out of date. New configuration
  variable $wgCheckSerialized can be set to false to enable old behavior (i.e.
  to not check and assume they are always up to date)
* The rollback permission is now assigned by default to all logged-in users. It
  can also now be rate-limited using the normal mechanism.

=== New features in 1.12 ===
* (bug 10735) Add a warning for non-descriptive filenames at Special:Upload
* Add {{filepath:}} parser function to get full path to an uploaded file,
  complementing {{fullurl:}} for pages.
* (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema 
  is not set to 'mediawiki', allowing multiple mediawiki instances per user.
* (bug 11151) Add descriptive <title> to revision history page
* (bug 5412) Add feed links for the site to all pages
* (bug 11353) Add ability to retrieve raw section content via action=raw
* (bug 6909) Show relevant deletion log lines when uploading a previously 
  deleted file
* On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view
  source" tab entirely if the page doesn't exist and the user isn't allowed to
  create it
* Clarify instructions given when an exception is thrown
* AuthPlugin added strictUserAuth() method to allow per-user override
  of the strict() authentication behavior.
* (bug 7872) Deleted revisions can now be viewed as diffs showing changes
  against the previous revision, whether currently deleted or live.
* Added tooltips for the "Go" and "Search" buttons
* (bug 11649) Show input form when Special:Whatlinkshere has no parameters
* isValidEmailAddr hook added to User method of that name, to allow, e.g., re-
  stricting e-mail addresses to a specific domain
* Removed "Clear" link in watchlist editor tools, as people were afraid to
  click it. Existing clear links will fall back to the raw editor, which is
  very easy to clear your watchlist with.
* (bug 1405) Add wgUseNPPatrol option to control patroling for new articles
  on Special:Newpages
* LogLine hook added to allow formatting custom entries in Special:Log.
* Support for Iranian calendar
* (bug 1401) Allow hiding logged-in users, bots and patrolled pages on 
  Special:Newpages
* ChangesListInsertArticleLink hook added for adding extra article info to RC.
* MediaWikiPerformAction hook added for diverting control after the main
  globals have been set up but before any actions have been taken.
* BeforeWatchlist hook added for filtering or replacing watchlist.
* SkinTemplateTabAction hook added for altering the properties of tab links.
* OutputPage::getRedirect public method added.
* (bug 11848) Allow URL parameters 'editintro' and 'preload' in Special:Mypage 
  and Special:Mytalk
* Add ot=raw to Special:Allmessages
* Support for Hebrew calendar
* Support for Hebrew numerals in dates and times
* (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and
  [[MediaWiki:Signature-anon]]
* Signatures for anonymous users link to Special:Contributions page rather than 
  user page
* Added --override switch for disabled pages in updateSpecialPages.php
* Provide a unique message (ipb_blocked_as_range) if unblock of a single IP 
  fails 
  because it is part of a blocked range.
* (bug 3973) Use a separate message for the email content when an account is 
  created by another user
* dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart
  cleanly if database connections fail unpleasantly.
* (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot
* (bug 9633) Add a predefined list of delete reasons to the deletion form
* Show a warning message when creating/editing a user (talk) page but the user
  does not exists
* (bug 8396) Ignore out-of-date serialised message caches
* (bug 12195) Undeleting pages now requires 'undelete' permission

=== Bug fixes in 1.12 ===

* Subpages are now indexed for searching properly when using PostgreSQL
* (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for
  ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus]
* (bug 7027) Shift handling of deletion permissions-checking to
  getUserPermissionsErrors.
* Login and signup forms are now more correct for right-to-left languages.
* (bug 5387) Block log items on RecentChanges don't make use of possible
  translations
* (bug 11211) Pass, as a parameter to the protectedpagetext interface
  message, the level of protection.
* (bug 9611) Supply the blocker and reason for the cantcreateaccounttext
  message.
* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis
  where rollback is given to non-sysops.
* (bug 8834) Split off permission for editing user JavaScript and CSS from
  editinterface to a new permission key editusercssjs.
* (bug 11266) Set fallback language for Fulfulde (ff) to French
* (bug 11179) Include image version deletion comment in public log
* Fixed notice when accessing special page without read permission and whitelist
  is not defined
* (bug 9252) Fix for tidy funkiness when using editintro mode
* (bug 4021) Fix for MySQL wildcard search
* (bug 10699) Fix for MySQL phrase search
* (bug 11321) Fix width of gallerybox when option "width=xxx" is used
* (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent 
  page
* Fix initial statistics when installing: add correct values
* (bug 11342) Fix several 'returnto' links in permissions/error pages which
  linked to the main page instead of targetted page
* Strike the link to the redirect rather than using an asterisk in 
  Special:Listredirects
* (bug 11355) Fix false positives in Safe Mode and other config detection
  when boolean settings are disabled with 'Off' via php_admin_value/php_value
* (bug 11292) Fixed unserialize errors with Postgres by creating special Blob 
  object.
* (bug 11363) Make all metadata fields bytea when using Postgres.
* (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make 
  oldimage cascade delete via image table for Postgres, change fa_storage_key 
  TEXT.
* (bug 11438) Live Preview chops returned text
* Show the right message on account creation when the user is blocked
* (bug 11450) Fix creation of objectcache table on upgrade
* Fix namespace selection after submit of Special:Newpages
* Make input form of Special:Newpages nicer for RTL wikis
* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
* (bug 11474) Fix unintentional fall-through in math error handling
* (bug 11478) Fix undefined method call in file deletion interface
* (bug 278) Search results no longer highlight incorrect partial word matches
* Compatibility with incorrectly detected old-style DJVU mime types
* (bug 11560) Fix broken HTML output from weird link nesting in edit comments.
  Nested links (as in image caption text) still don't work _right_ but they're
  less wrong
* (bug 9718) Remove unnecessary css from main.css causing spacing issues on
  some browsers.
* (bug 11574) Add an interface message loginstart, which, similarly to loginend,
  appears just before the login form. Patch by MinuteElectron.
* Do not cache category pages if using 'from' or 'until'
* Created new hook getUserPermissionsErrors, to go with userCan changes.
* Diff pages did not properly display css/js pages.
* (bug 11620) Add call to User::isValidEmailAddr during accout creation.
* (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an
  email address when registering.
* (bug 11612) Days to show in recent changes cannot be larger than 7
* (bug 11131) Change filearchive width/height columns to int for Postgres
* Support plural in undeleted{revisions,revisions-files,files}
* (bug 11343) If the database is read-only, ensure that undelete fails.
* (bug 11690) Show revert link for page moves in Special:Log to allowed users
  only
* Initial-lowercase prefix checks in namespaceDupes.php now actually work.
* Fix regression in LinkBatch.php breaking PHP 5.0
* (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic
  words when called with options ''parsemag'' or ''content''. 
* (bug 11727) Support plural in 'historysize' message
* (bug 11744) Incorrect return value from Title::getParentCategories()
* (bug 11762) Fix native language name of Akan (ak)
* (bug 11722) Fix inconsistent case in unprotect tabs
* (bug 11795) Be more paranoid about confirming accept-encoding header is 
  present
* (bug 11809) Use formatNum() for more numbers
* (bug 11818) Fix native language name of Inuktitut (iu)
* Remove all commas when parsing float numbers in sorted tables
* Limit text field of deletion, protection and user rights changes reasons to
  255 characters (already restricted in the database)
* In the deletion default reasons, calculate how much text to get from the
  article text, rather than getting 150 characters (which may be too much)
* Add two messages for Special:Blockme which were used but undefined
* (bug 11921) Support plural in message number_of_watching_users_pageview
* If an IP address is blocked as part of a rangeblock, attempting to unblock
  the single IP should not unblock the entire range.
* (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st)
* Make action=render follow redirects by default
* If restricted read access was enabled, whitelist didn't work with special
  pages which had spaces in theirs names
* If restricted read access was enabled, requests for non-existing special pages
  threw an exception
* Feeds for recent changes now provide correct URLs for the change, not just
  the page
* Check for if IP is blocked as part of a range when unblocking (see above bug-
  fix) was faulty. Now fixed.
* Fixed wpReason URL parameter to action=delete.
* Do not force a password for account creation by email
* Ensure that rate-limiting is applied to rollbacks.
* Make a better rate-limiting error message (i.e. a normal MW error,
  rather than an "Internal Server Error").
* Do not present an image bigger than the source when 'frameless' option is used
  (to be consistent with the 'thumb' option now)
* Support {{PLURAL}} for import log
* Make sure that the correct log entries are shown on Special:Userrights even
  for users with special characters in their names
* The number of watching users in watchlists was always reported as 1
* namespaceDupes.php no longer dies when coming across an illegal title
* (bug 12143) Do not show a link to patrol new pages for non existent pages
* (bug 12166) Fix XHTML validity for Special:Emailuser
* (bug 11346) Users who cannot edit a page can now no longer unprotect it.
* (bug 451) Add a generic Traditional / Simplified Chinese conversion table, 
  instead of a Traditional conversion with Taiwan variant, and a Simplified 
  conversion with China variant.
* (bug 12178) Fix wpReason parameter to action=delete, again.
* Graceful behavior for updateRestrictions.php if a page already has records
  in the page_restrictions matching its old page_restrictions field.
  May help with odd upgrade issues or race condition.
* (bug 11993) Remove contentsub "revision history"

== Parser changes in 1.12 ==

The parser pass order has changed from

   * Extension tag strip and render
   * HTML normalisation and security
   * Template expansion
   * Main section...

to 

   * Template and extension tag parse to intermediate representation
   * Template expansion and extension rendering
   * HTML normalisation and security
   * Main section...

The main effect of this for the user is that the rules for uncovered syntax 
have changed. 

Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas
previously in some cases they were escaped. For example, you could have "<ta" in
one template, and "ble>" in another template, and put them together to make a
valid <table> tag. Previously the result would have been "&lt;table&gt;". 

Uncovered preprocessor syntax is generally not recognised. For example, if you
have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be
converted to a literal "{{ab}}" rather than the contents of Template:Ab. This
was the case previously in HTML output mode, and is now uniformly the case in 
the other modes as well. HTML-style comments uncovered by template expansion
will not be recognised by the preprocessor and hence will not prevent template
expansion within them, but they will be stripped by the following HTML security 
pass.

The rules for template expansion during message transformation were
counterintuitive, mostly accidental and buggy. There are a few small changes in
this version: for example, templates with dynamic names, as in "{{ {{a}} }}",
are fully expanded as they are in HTML mode, whereas previously only the inner
template was expanded. I'd like to make some larger breaking changes to message
transformation, after a review of typical use cases.

The header identification routines for section edit and for numbering section
edit links have been merged. This removes a significant failure mode and fixes a
whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
template expansion or comment removal will still be rendered into a heading tag,
and will get an entry in the TOC, but will not have a section edit link. 
HTML-style headings will also not have a section edit link. Valid wikitext
headings present in the template source text will get a template section edit 
link. This is a major break from previous behaviour, but I believe the effects 
are almost entirely beneficial.

The main motivation for making these changes was performance. The new two-pass
preprocessor can skip "dead branches" in template expansion, such as unfollowed
#switch cases and unused defaults for template arguments. This provides a
significant performance improvement in template-heavy test cases taken from 
Wikipedia. Parser function hooks can participate in this performance improvement
by using the new SFH_OBJECT_ARGS flag during registration.

The pre-expand include size limit has been removed, since there's no efficient
way to calculate such a figure, and it would now be meaningless for performance
anyway. The "preprocessor node count" takes its place, with a generous default
limit.

The context in which XML-style extension tags are called has changed, so
extensions which make use of the parser state may need compatibility changes.

=== API changes in 1.12 ===

Full API documentation is available at http://www.mediawiki.org/wiki/API

* (bug 11275) Enable descending sort in categorymembers
* (bug 11308) Allow the API to output the image metadata
* (bug 11296) Temporary fix for escaping of ampersands inside links in 
  pretty-printed
  help document.
* (bug 11405) Expand templates implementation in the API
* (bug 11218) Add option to feedwatchlist to display multiple revisions for each
  page.
* (bug 11404) Provide name of exception caught in error code field of internal 
  api error messages.
* (bug 11534) rvendid doesn't work
* Fixed rvlimit of the revisions query to only enforce the lower query limit if
  revision content is requested.
* Include svn revision number (if install is checked-out from svn) in siteinfo 
  query.
* (bug 11173) Allow limited wikicode rendering via api.php
* (bug 11572) API should provide interface for expanding templates
* (bug 11569) Login should return the cookie prefix 
* (bug 11632) Breaking change: Specify the type of a change in the recentchanges
  list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively.
* Compatibility fix for PHP 5.0.x.
* Add rctype parameter to list=recentchanges that filters by type
* Add apprtype and apprlevel parameters to filter list=allpages by protection 
  types and levels
* Add apdir parameter to enable listing all pages from Z to A
* (bug 11721) Use a different title for results than for the help page.
* (bug 11562) Added a user_registration parameter/field to the list=allusers 
  query.
* (bug 11588) Preserve document structure for empty dataset in backlinks query.
* Outputting list of all user preferences rather than having to request them by 
  name
* (bug 11206) api.php should honor maxlag
* Make prop=info check for restrictions in the old format too.
* Add apihighlimits permission, default for sysops and bots
* Add limit=max to use maximal limit
* Add action=parse to render parser output. Use it instead of action=render which is deprecated.
* Add rvtoken=rollback to prop=revisions
* Add meta=allmessages to get messages from site's messages cache.
* Use bold and italics highlighting only in API help
* Added action={block,changerights,delete,move,protect,rollback,unblock,undelete} and list={blocks,deletedrevs}
* Fixed sessionid attribute in action=login
* Standardized limits. Revisions and Deletedrevisions formerly using 200 / 10000, 
  now 500 / 5000, in line with other modules.

=== Languages updated in 1.12 ===

* Afrikaans (af)
* Akan (ak) (new)
* Amharic (am) (new)
* Aragonese (an)
* Old English (ang) (new)
* Arabic (ar)
* Aramaic (arc)
* Mapudungun (arn) (new)
* Assamese (as)
* Asturian (ast)
* Aymara (ay)
* Samogitian (bat-smg)
* Boarisch (bar)
* Bikol Central (bcl)
* Belarusian Taraskievica orthography (be-tarask)
* Bulgarian (bg)
* Bislama (bi) (new)
* Bamanankan (bm)
* Bengali (bn)
* Bishnupriya Manipuri (bpy)
* Breton (br)
* Buginese (bug) (new)
* Catalan (ca)
* Zamboangueño (cbk-zam) (new)
* Min Dong (cdo) (new)
* Chechen (ce)
* Cebuano (ceb) (new)
* Crimean Tatar (Cyrillic) (crh-cyrl) (new)
* Crimean Tatar (Latin) (crh-latn) (new)
* Czech (cs)
* Cassubian (csb)
* Old Church Slavonic (cu)
* Welsh (cy)
* Danish (da)
* German (de)
* Lower Sorbian (dsb) (new)
* Middle Dutch (dum) (new)
* Divehi (dv)
* Ewe (ee) (new)
* Greek (el)
* English (en)
* Spanish (es)
* Estonian (et)
* Euskara (eu)
* Extremaduran (ext)
* Finnish (fi)
* Persian (fa)
* Fulah (ff)
* Võro (fiu-vro)
* Faroese (fo)
* French (fr)
* Cajun French (frc)
* Franco-Provençal (frp)
* Frisian (fy)
* Irish (ga)
* Gön-gnŷ (gan) (new)
* Galician (gl)
* Gilaki (glk) (new)
* Ancient Greek (grc) (new)
* Swiss German (gsw)
* Hakka (hak)
* Hebrew (he)
* Croatian (hr)
* Upper Sorbian (hsb)
* Hungarian (hu)
* Armenian (hy)
* Interlingua (ia)
* Indonesian (id)
* Interlingue (ie) (new)
* Ingush (inh) (new)
* Ido (io) (new)
* Icelandic (is)
* Italian (it)
* Japanese (ja)
* Georgian (ka)
* Kara-Kalpak (kaa)
* Kabyle (kab)
* Kazakh (kk)
* Kannada (kn)
* Korean (ko)
* Kölsch (ksh)
* Kurdish (Latin) (ku-latn)
* Cornish (kw) (new)
* Latin (la)
* Luxembourgish (lb) (new)
* Lak (lbe) (new)
* Limbugian (li)
* Lozi (loz) (new)
* Lingala (ln)
* Lithuanian (lt)
* Malayalam (ml)
* Macedonian (mk)
* Malay (ms)
* Erzya (myv) (new)
* Nahuatl (nah)
* Min-nan (nan)
* Napolitan (nap)
* Low Saxon (nds)
* Dutch Low Saxon (nds-nl)
* Newari (new) (new)
* Dutch (nl)
* Norwegian (no)
* Novial (nov) (new)
* Occitan (oc)
* Deitsch (pdc) (new)
* Polish (pl)
* Piemontèis (pms)
* Pontic (pnt) (new)
* Pashto (ps)
* Portugese (pt)
* Quechua (qu)
* Rhaeto-Romance (rm) (new)
* Romanian (ro)
* Russian (ru)
* Sakha (sah)
* Sardinian (sc)
* Sicilian (scn)
* Scots (sco) (new)
* Sindhi (sd)
* Sassarese (sdc) (new)
* Seri (sei) (new)
* Tachelhit (shi)
* Slovak (sk)
* Serbian (Cyrillic) (sr-ec)
* Swati (ss) (new)
* Saterland Frisian (stq) (new)
* Sundanese (su)
* Swedish (sv)
* Tamil (ta)
* Teluga (te)
* Tetun (tet) (new)
* Tajik (tg)
* Tagalog (tl) (new)
* Turkish (tr)
* Tuvinian (tyv)
* Uyghur (ug)
* Uzbek (uz)
* Venitian (vec)
* Vietnamese (vi)
* West Flemish (vls)
* Volapük (vo)
* Walloon (wa)
* Wolof (wo)
* Wu (wuu) (new)
* Yiddish (yi)
* Cantonese (yue)
* Zhuang (za)
* Zealandic (zea)
* Chinese (zh)
* Old Chinese/Late Time Chinese (zh-classical)
* Chinese (Simplified) (zh-hans)
* Chinese (Traditional) (zh-hant)
* Chinese (Taiwan) (zh-tw)

== Compatibility ==

MediaWiki 1.12 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.

PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
http://bugs.php.net/bug.php?id=34879
Upgrade affected systems to PHP 5.1 or higher.

MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.


== Upgrading ==

1.12 has several database changes since 1.11, and will not work without schema
updates.

If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.

If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions.


=== Caveats ===

Some output, particularly involving user-supplied inline HTML, may not
produce 100% valid or well-formed XHTML output. Testers are welcome to
set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
cases, but this is not recommended on live sites. (This must be set for
MathML to display properly in Mozilla.)

For notes on 1.11.x and older releases, see HISTORY.


=== Online documentation ===

Documentation for both end-users and site administrators is currently being
built up on MediaWiki.org, and is covered under the GNU Free Documentation
License (except for pages that explicitly state that their contents are in
the public domain) :

  http://www.mediawiki.org/wiki/Documentation


=== Mailing list ===

A MediaWiki-l mailing list has been set up distinct from the Wikipedia
wikitech-l list:

  http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

A low-traffic announcements-only list is also available:

  http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.


=== IRC help ===

There's usually someone online in #mediawiki on irc.freenode.net