This is a list of known events and parameters; please add to it if you're going
to add events to the MediaWiki code.
-'AbortAutoAccount': Return false to cancel automated local account creation,
-where normally authentication against an external auth plugin would be creating
-a local account.
+'AbortAutoAccount': DEPRECATED! Create a PreAuthenticationProvider instead.
+Return false to cancel automated local account creation, where normally
+authentication against an external auth plugin would be creating a local
+account.
$user: the User object about to be created (read-only, incomplete)
&$abortMsg: out parameter: name of error message to be displayed to user
$autoblockip: The IP going to be autoblocked.
&$block: The block from which the autoblock is coming.
-'AbortChangePassword': Return false to cancel password change.
-$user: the User object to which the password change is occuring
-$mOldpass: the old password provided by the user
-$newpass: the new password provided by the user
-&$abortMsg: the message identifier for abort reason
-
'AbortDiffCache': Can be used to cancel the caching of a diff.
&$diffEngine: DifferenceEngine object
$title: The Title of the page that was edited.
$rc: The current RecentChange object.
-'AbortLogin': Return false to cancel account login.
+'AbortLogin': DEPRECATED! Create a PreAuthenticationProvider instead.
+Return false to cancel account login.
$user: the User object being authenticated against
$password: the password being submitted, not yet checked for validity
&$retval: a LoginForm class constant to return from authenticateUserData();
&$msg: the message identifier for abort reason (new in 1.18, not available
before 1.18)
-'AbortNewAccount': Return false to cancel explicit account creation.
+'AbortNewAccount': DEPRECATED! Create a PreAuthenticationProvider instead.
+Return false to cancel explicit account creation.
$user: the User object about to be created (read-only, incomplete)
&$msg: out parameter: HTML to display on abort
&$status: out parameter: Status object to return, replaces the older $msg param
&$fields: HTMLForm descriptor array
$article: Article object
-'AddNewAccount': After a user account is created.
+'AddNewAccount': DEPRECATED! Use LocalUserCreated.
+After a user account is created.
$user: the User object that was created. (Parameter added in 1.7)
$byEmail: true when account was created "by email" (added in 1.12)
&$message: API usage message to die with, as a message key or array
as accepted by ApiBase::dieUsageMsg.
-'APIEditBeforeSave': Before saving a page with api.php?action=edit, after
+'APIEditBeforeSave': DEPRECATED! Use EditFilterMergedContent instead.
+Before saving a page with api.php?action=edit, after
processing request parameters. Return false to let the request fail, returning
an error message or an <edit result="Failure"> tag if $resultArr was filled.
Unlike for example 'EditFilterMergedContent' this also being run on undo.
+Since MediaWiki 1.25, 'EditFilterMergedContent' can also return error details
+for the API and it's recommended to use it instead of this hook.
$editPage: the EditPage object
-$text: the new text of the article (has yet to be saved)
+$text: the text passed to the API. Note that this includes only the single
+ section for section edit, and is not necessarily the final text in case of
+ automatically resolved edit conflicts.
&$resultArr: data in this array will be added to the API result
'ApiFeedContributions::feedItem': Called to convert the result of ContribsPager
$apiMain: Calling ApiMain instance.
$e: Exception object.
+'ApiMakeParserOptions': Called from ApiParse and ApiExpandTemplates to allow
+extensions to adjust the ParserOptions before parsing.
+$options: ParserOptions object
+$title: Title to be parsed
+$params: Parameter array for the API module
+$module: API module (which is also a ContextSource)
+&$reset: Set to a ScopedCallback used to reset any hooks after the parse is done.
+&$suppressCache: Set true if cache should be suppressed.
+
'ApiOpenSearchSuggest': Called when constructing the OpenSearch results. Hooks
can alter or append to the array.
&$results: array with integer keys to associative arrays. Keys in associative
revisions of an article.
$title: Title object of the article
$ids: Ids to set the visibility for
+$visibilityChangeMap: Map of revision id to oldBits and newBits. This array can be
+ examined to determine exactly what visibility bits have changed for each
+ revision. This array is of the form
+ [id => ['oldBits' => $oldBits, 'newBits' => $newBits], ... ]
'ArticleRollbackComplete': After an article rollback is completed.
$wikiPage: the WikiPage that was edited
redirect was followed.
&$article: target article (object)
+'AuthChangeFormFields': After converting a field information array obtained
+from a set of AuthenticationRequest classes into a form descriptor; hooks
+can tweak the array to change how login etc. forms should look.
+$requests: array of AuthenticationRequests the fields are created from
+$fieldInfo: field information array (union of all AuthenticationRequest::getFieldInfo() responses).
+&$formDescriptor: HTMLForm descriptor. The special key 'weight' can be set
+ to change the order of the fields.
+$action: one of the AuthManager::ACTION_* constants.
+
+'AuthManagerLoginAuthenticateAudit': A login attempt either succeeded or failed
+for a reason other than misconfiguration or session loss. No return data is
+accepted; this hook is for auditing only.
+$response: The MediaWiki\Auth\AuthenticationResponse in either a PASS or FAIL state.
+$user: The User object being authenticated against, or null if authentication
+ failed before getting that far.
+$username: A guess at the user name being authenticated, or null if we can't
+ even determine that.
+
'AuthPluginAutoCreate': DEPRECATED! Use the 'LocalUserCreated' hook instead.
Called when creating a local account for an user logged in from an external
authentication method.
$user: User object created locally
-'AuthPluginSetup': Update or replace authentication plugin object ($wgAuth).
-Gives a chance for an extension to set it programmatically to a variable class.
+'AuthPluginSetup': DEPRECATED! Extensions should be updated to use AuthManager.
+Update or replace authentication plugin object ($wgAuth). Gives a chance for an
+extension to set it programmatically to a variable class.
&$auth: the $wgAuth object, probably a stub
'AutopromoteCondition': Check autopromote condition for user.
'BlockIpComplete': After an IP address or user is blocked.
$block: the Block object that was saved
$user: the user who did the block (not the one being blocked)
+$priorBlock: the Block object for the prior block or null if there was none
'BookInformation': Before information output on Special:Booksources.
$isbn: ISBN to show information for
'CategoryAfterPageRemoved': After a page is removed from a category.
$category: Category that page was removed from
$wikiPage: WikiPage that was removed
+$id: the page ID (original ID in case of page deletions)
'CategoryPageView': Before viewing a categorypage in CategoryPage::view.
&$catpage: CategoryPage instance
&$link: Returned value. When set to a non-null value by a hook subscriber
this value will be used as the anchor instead of Linker::link
-'ChangePasswordForm': For extensions that need to add a field to the
-ChangePassword form via the Preferences form.
+'ChangeAuthenticationDataAudit': Called when user changes his password.
+No return data is accepted; this hook is for auditing only.
+$req: AuthenticationRequest object describing the change (and target user)
+$status: StatusValue with the result of the action
+
+'ChangePasswordForm': DEPRECATED! Use AuthChangeFormFields or security levels.
+For extensions that need to add a field to the ChangePassword form via the
+Preferences form.
&$extraFields: An array of arrays that hold fields like would be passed to the
pretty function.
&$data: An array with all the components that will be joined in order to create the line
$block: An array of RecentChange objects in that block
$rc: The RecentChange object for this line
+&$classes: An array of classes to change
'EnhancedChangesListModifyBlockLineData': to alter data used to build
a non-grouped recent change line in EnhancedChangesList.
$out: The output page.
$cssClassName: CSS class name of the language selector.
-'LinkBegin': Used when generating internal and interwiki links in
+'LinkBegin': DEPRECATED! Use HtmlPageLinkRendererBegin instead.
+Used when generating internal and interwiki links in
Linker::link(), before processing starts. Return false to skip default
processing and return $ret. See documentation for Linker::link() for details on
the expected meanings of parameters.
&$options: array of options. Can include 'known', 'broken', 'noclasses'.
&$ret: the value to return if your hook returns false.
-'LinkEnd': Used when generating internal and interwiki links in Linker::link(),
+'LinkEnd': DEPRECATED! Use HtmlPageLinkRendererEnd hook instead
+Used when generating internal and interwiki links in Linker::link(),
just before the function returns a value. If you return true, an <a> element
with HTML attributes $attribs and contents $html will be returned. If you
return false, $ret will be returned.
&$attribs: the attributes to be applied
&$ret: the value to return if your hook returns false
+'HtmlPageLinkRendererBegin':
+Used when generating internal and interwiki links in
+LinkRenderer, before processing starts. Return false to skip default
+processing and return $ret.
+$linkRenderer: the LinkRenderer object
+$target: the LinkTarget that the link is pointing to
+&$html: the contents that the <a> tag should have (raw HTML); null means
+ "default".
+&$customAttribs: the HTML attributes that the <a> tag should have, in
+ associative array form, with keys and values unescaped. Should be merged
+ with default values, with a value of false meaning to suppress the
+ attribute.
+&$query: the query string to add to the generated URL (the bit after the "?"),
+ in associative array form, with keys and values unescaped.
+&$ret: the value to return if your hook returns false.
+
+'HtmlPageLinkRendererEnd':
+Used when generating internal and interwiki links in LinkRenderer,
+just before the function returns a value. If you return true, an <a> element
+with HTML attributes $attribs and contents $html will be returned. If you
+return false, $ret will be returned.
+$linkRenderer: the LinkRenderer object
+$target: the LinkTarget object that the link is pointing to
+$isKnown: boolean indicating whether the page is known or not
+&$html: the final (raw HTML) contents of the <a> tag, after processing.
+&$attribs: the final HTML attributes of the <a> tag, after processing, in
+ associative array form.
+&$ret: the value to return if your hook returns false.
+
'LinksUpdate': At the beginning of LinksUpdate::doUpdate() just before the
actual update.
&$linksUpdate: the LinksUpdate object
&$messages: Already added messages (inclusive messages from
LoginForm::$validErrorMessages)
-'LoginPasswordResetMessage': User is being requested to reset their password on
-login. Use this hook to change the Message that will be output on
-Special:ChangePassword.
-&$msg: Message object that will be shown to the user
-$username: Username of the user who's password was expired.
-
-'LoginUserMigrated': Called during login to allow extensions the opportunity to
-inform a user that their username doesn't exist for a specific reason, instead
-of letting the login form give the generic error message that the account does
-not exist. For example, when the account has been renamed or deleted.
+'LoginUserMigrated': DEPRECATED! Create a PreAuthenticationProvider instead.
+Called during login to allow extensions the opportunity to inform a user that
+their username doesn't exist for a specific reason, instead of letting the
+login form give the generic error message that the account does not exist. For
+example, when the account has been renamed or deleted.
$user: the User object being authenticated against.
&$msg: the message identifier for abort reason, or an array to pass a message
key and parameters.
&$parser: Parser object
&$varCache: variable cache (array)
-'ParserLimitReport': DEPRECATED! Use ParserLimitReportPrepare and
-ParserLimitReportFormat instead.
+'ParserLimitReport': DEPRECATED! Use ParserLimitReportPrepare instead.
Called at the end of Parser:parse() when the parser will
include comments about size of the text parsed.
$parser: Parser object
&$limitReport: text that will be included (without comment tags)
-'ParserLimitReportFormat': Called for each row in the parser limit report that
-needs formatting. If nothing handles this hook, the default is to use "$key" to
-get the label, and "$key-value" or "$key-value-text"/"$key-value-html" to
-format the value.
-$key: Key for the limit report item (string)
-&$value: Value of the limit report item
-&$report: String onto which to append the data
-$isHTML: If true, $report is an HTML table with two columns; if false, it's
- text intended for display in a monospaced font.
-$localize: If false, $report should be output in English.
-
'ParserLimitReportPrepare': Called at the end of Parser:parse() when the parser
will include comments about size of the text parsed. Hooks should use
$output->setLimitReportData() to populate data. Functions for this hook should
$page: the WikiPage of the candidate edit
$content: the Content object of the candidate edit
$output: the ParserOutput result of the candidate edit
+$summary: the change summary of the candidate edit
+$user: the User considering the edit
'PasswordPoliciesForUser': Alter the effective password policy for a user.
$user: User object whose policy you are modifying
$oldaddr: old email address (string)
$newaddr: new email address (string)
-'PrefsPasswordAudit': Called when user changes his password.
-$user: User (object) changing his password
-$newPass: new password
-$error: error (string) 'badretype', 'wrongpassword', 'error' or 'success'
-
'ProtectionForm::buildForm': Called after all protection type fieldsets are made
in the form.
$article: the title being (un)protected
&$skin: A variable reference you may set a Skin instance or string key on to
override the skin that will be used for the context.
+'RequestHasSameOriginSecurity': Called to determine if the request is somehow
+flagged to lack same-origin security. Return false to indicate the lack. Note
+if the "somehow" involves HTTP headers, you'll probably need to make sure
+the header is varied on.
+$request: The WebRequest object.
+
'ResetPasswordExpiration': Allow extensions to set a default password expiration
$user: The user having their password expiration reset
&$newExpire: The new expiration date
$title: Current Title object being displayed in search results.
&$id: Revision ID (default is false, for latest)
+'SearchIndexFields': Add fields to search index mapping.
+&$fields: Array of fields, all implement SearchIndexField
+$engine: SearchEngine instance for which mapping is being built.
+
+'SearchDataForIndex': Add data to search document. Allows to add any data to
+the field map used to index the document.
+&$fields: Array of name => value pairs for fields
+$handler: ContentHandler for the content being indexed
+$page: WikiPage that is being indexed
+$output: ParserOutput that is produced from the page
+$engine: SearchEngine for which the indexing is intended
+
'SecondaryDataUpdates': Allows modification of the list of DataUpdates to
perform when page content is modified. Currently called by
AbstractContent::getSecondaryDataUpdates.
&$updates: a list of DataUpdate objects, to be modified or replaced by
the hook handler.
+'SecuritySensitiveOperationStatus': Affect the return value from
+MediaWiki\Auth\AuthManager::securitySensitiveOperationStatus().
+&$status: (string) The status to be returned. One of the AuthManager::SEC_*
+ constants. SEC_REAUTH will be automatically changed to SEC_FAIL if
+ authentication isn't possible for the current session type.
+$operation: (string) The operation being checked.
+$session: (MediaWiki\Session\Session) The current session. The
+ currently-authenticated user may be retrieved as $session->getUser().
+$timeSinceAuth: (int) The time since last authentication. PHP_INT_MAX if
+ the time of last auth is unknown, or -1 if authentication is not possible.
+
'SelfLinkBegin': Called before a link to the current article is displayed to
allow the display of the link to be customized.
$nt: the Title object
$user: User object representing user contributions are being fetched for
$sp: SpecialPage instance, providing context
+'SpecialContributions::formatRow::flags': Called before rendering a
+Special:Contributions row.
+$context: IContextSource object
+$row: Revision information from the database
+&$flags: List of flags on this row
+
'SpecialContributions::getForm::filters': Called with a list of filters to render
on Special:Contributions.
$sp: SpecialContributions object, for context
canceled and a normal search will be performed. Returning true without setting
$url does a standard redirect to $title. Setting $url redirects to the
specified URL.
-$term - The string the user searched for
-$title - The title the 'go' feature has decided to forward the user to
-&$url - Initially null, hook subscribers can set this to specify the final url to redirect to
+$term: The string the user searched for
+$title: The title the 'go' feature has decided to forward the user to
+&$url: Initially null, hook subscribers can set this to specify the final url to redirect to
'SpecialSearchNogomatch': Called when user clicked the "Go" button but the
target doesn't exist.
&$radio: Boolean, if source type should be shown as radio button
$selectedSourceType: The selected source type
-'UploadVerification': Additional chances to reject an uploaded file. Consider
-using UploadVerifyFile instead.
+'UploadVerification': DEPRECATED! Use UploadVerifyFile instead.
+Additional chances to reject an uploaded file.
$saveName: (string) destination file name
$tempName: (string) filesystem path to the temporary file for checks
&$error: (string) output: message key for message to show if upload canceled by
$upload: (object) an instance of UploadBase, with all info about the upload
$mime: (string) The uploaded file's MIME type, as detected by MediaWiki.
Handlers will typically only apply for specific MIME types.
-&$error: (object) output: true if the file is valid. Otherwise, an indexed array
- representing the problem with the file, where the first element is the message
- key and the remaining elements are used as parameters to the message.
+&$error: (object) output: true if the file is valid. Otherwise, set this to the reason
+ in the form of array( messagename, param1, param2, ... ) or a MessageSpecifier
+ instance (you might want to use ApiMessage to provide machine-readable details
+ for the API).
+
+'UploadVerifyUpload': Upload verification, based on both file properties like
+MIME type (same as UploadVerifyFile) and the information entered by the user
+(upload comment, file page contents etc.).
+$upload: (object) An instance of UploadBase, with all info about the upload
+$user: (object) An instance of User, the user uploading this file
+$props: (array) File properties, as returned by FSFile::getPropsFromPath()
+$comment: (string) Upload log comment (also used as edit summary)
+$pageText: (string) File description page text (only used for new uploads)
+&$error: output: If the file upload should be prevented, set this to the reason
+ in the form of array( messagename, param1, param2, ... ) or a MessageSpecifier
+ instance (you might want to use ApiMessage to provide machine-readable details
+ for the API).
'UserIsBot': when determining whether a user is a bot account
$user: the user
&$user: User (object) that will clear the message
$oldid: ID of the talk page revision being viewed (0 means the most recent one)
-'UserCreateForm': change to manipulate the login form
+'UserCreateForm': DEPRECATED! Create an AuthenticationProvider instead.
+Manipulate the login form.
&$template: SimpleTemplate instance for the form
'UserEffectiveGroups': Called in User::getEffectiveGroups().
&$user: User object
$ip: User's IP address
&$blocked: Whether the user is blocked, to be modified by the hook
+&$block: The Block object, to be modified by the hook
'UserIsEveryoneAllowed': Check if all users are allowed some user right; return
false if a UserGetRights hook might remove the named right.
'UserLoggedIn': Called after a user is logged in
$user: User object for the logged-in user
-'UserLoginComplete': After a user has logged in.
+'UserLoginComplete': Show custom content after a user has logged in via the web interface.
+For functionality that needs to run after any login (API or web) use UserLoggedIn.
&$user: the user object that was created on login
&$inject_html: Any HTML to inject after the "logged in" message.
+$direct: (bool) The hook is called directly after a successful login. This will only happen once
+ per login. A UserLoginComplete call with direct=false can happen when the user visits the login
+ page while already logged in.
-'UserLoginForm': change to manipulate the login form
-&$template: SimpleTemplate instance for the form
+'UserLoginForm': DEPRECATED! Create an AuthenticationProvider instead.
+Manipulate the login form.
+&$template: QuickTemplate instance for the form
'UserLogout': Before a user logs out.
&$user: the user object that is about to be logged out