Release notes/1.18

From mediawiki.org

MediaWiki 1.18[edit]

Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it off if you can.

MediaWiki 1.18.6[edit]

2012-11-29

This is a maintenance and security release of the MediaWiki 1.18 branch

Changes since 1.18.5[edit]

  • (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
  • (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
  • Localisation updates
  • Increase permitted runtime for testParserTest
  • (bug 36179) Unquote 'null' for PostgreSQL.

MediaWiki 1.18.5[edit]

2012-08-30

This is a security release of the MediaWiki 1.18 branch

Changes since 1.18.4[edit]

  • (bug 39700) File: link to non-existing file can inject html
  • (bug 39823) Hidden block text leaking to admins
  • (bug 39184) LDAP password leakage
  • (bug 39180) Disallow framing of api results
  • (bug 37587) Enforce language codes to be html safe
  • (bug 39824) Check global blocks on account creation

MediaWiki 1.18.4[edit]

2012-06-12

This is a security release of the MediaWiki 1.18 branch.

Changes since 1.18.3[edit]

  • (bug 36938) Correctly escape uselang attribute to prevent xss
  • Expanded Blacklist for SVG Files

MediaWiki 1.18.3[edit]

2012-04-25

This is a maintenance release of the MediaWiki 1.18 branch.

Changes since 1.18.2[edit]

2012-04-25

  • (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws a PHP warning.
  • (bug 35567) The whole password reminder e-mail is now sent in the same language.
  • (bug 35961) Hash comparison should always be strict.
  • (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php on line 598.
  • Fix broken email confirmation expiration caused by MWCryptRand changes.

MediaWiki 1.18.2[edit]

2012-03-21

This is a maintenance and security release of the MediaWiki 1.18 branch.

Changes since 1.18.1[edit]

  • (bug 33686) could not get a list of contributor for an article when using a SQLite database.
  • (Bug 33865) Exception thrown in action=parse when attempting to use the title parameter without setting the text parameter.
  • UserMailer could potentially throw a fatal error when a MailAddress object had an empty email address.
  • (Bug 33087) Exchange server rejected mail sent by MediaWiki
  • (bug 34528) Edit section tooltips show correction section name again
  • (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in Special:Whatlinkshere
  • (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in core parser functions which operate on strings, such as formatnum.
  • (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token parameter present.
  • (bug 34907) Fixed exposure of tokens through load.php that could have facilitated CSRF attacks.
  • (bug 35317) CSRF in Special:Upload.

MediaWiki 1.18.1[edit]

2012-01-11

This a maintenance and security release of the MediaWiki 1.18 branch.

Changes since 1.18.0[edit]

  • (bug 32712) Fix for search indexing of pages with certain unicode chars following URL
  • (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for screen readers
  • (bug 30774) mediawiki.html: Add support for numbers and booleans in the attribute values and element contents.
  • (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
  • (bug 32853) Fixed CACHE_DBA object cache type.
  • (bug 32786) Backward compatibility for extension using 1.17's Database::newFromType()
  • Fixed exception when using Special:WhatLinksHere on a Media: file
  • (bug 32709) Private Wiki users were always taken to Special:Badtitle on login
  • (bug 33240) Sort images are missing but referenced in css.

MediaWiki 1.18[edit]

2011-11-24

This is the first stable release of the MediaWiki 1.18 branch.

Summary of selected changes in 1.18[edit]

Selected changes since MediaWiki 1.17 that may be of interest:

  • Some of the more commonly used MediaWiki extensions are now included in the release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, ParserFunctions, Renameuser, Vector and WikiEditor.
  • Gender support has been improved, meaning user pages can display the correct gender variant of "User" can now be used.
  • MediaWiki can now detect the camera orientation of an image from the Exif metadata, and can rotate the image thumbnail appropriately. Metadata support has been generally improved, and can now extract IPTC and XMP metadata.
  • Improved directionality support in 1.18 means that MediaWiki is better to use for RTL users.
  • MediaWiki now supports protocol - relative URLs in links, interwiki targets and $wgServer
  • Math support has been removed from core

Changes since 1.18.0rc1[edit]

  • (bug 32228) regression in Special:Search which did not conserve profile on new search
  • (bug 32460) Categories were improperly aligned in Simple and CologneBlue
  • (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
  • (bug 32582) Fix TOC show/hide link regression on IE 8

Changes since 1.18 beta 1[edit]

  • (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 deployment.
  • (bug 32051) Fix description for wlprop=sizes.
  • (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause under Microsoft SQL.
  • (bug 32100) installer complains about suhosin GET limit.
  • (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between portlets on IE 7 and IE 8/9 in compatibility view.
  • (bug 32126) Fix 1.18 regression in watchlist editor when items already removed from watchlist.
  • (bug 32183) remove the client-* classes added from user-agent-sniffing onto the <html> element.
  • (bug 29912) Unit tests break if parsertest tables are still present.
  • (bug 31694) During installation, tabbing order (cursor focus) goes to logo instead of 'continue'.
  • (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
  • (bug 31990) justify paragraphs pref adds extra space to category listing.
  • (bug 20148) Better title for [[Special:Disambiguations]] page.
  • (bug 31502) TOC is missing on Special:EditWatchlist.
  • (bug 32256) API list=search stops at first invalid result.
  • (bug 32047) jquery.tablesorter.js: thead is before caption.
  • (bug 29854) Store protocol-relative links twice in the externallinks table, one with http: in el_index and once with https.
  • (bug 31822) Error during upgrade due to output buffer reset in stdout.

Configuration changes in 1.18[edit]

  • The WantedPages::getSQL hook has been removed and replaced with WantedPages::getQueryInfo. This may break older extensions.
  • The SkinTemplateBuildContentActionUrlsAfterSpecialPage, SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
  • $wgUseCombinedLoginLink controls whether to output a combined login / create account link in the personal bar, or to output separate login and create account links.
  • Skin names are no longer created based on a ucfirst version of the key in $wgValidSkinNames but now the value. This means for $wgValidSkinNames ["monobook"] = "MonoBook"; the skin loader will no longer try loading SkinMonobook and will instead load SkinMonoBook.
  • $wgMaxUploadSize may now be set to an array to specify the upload size limit per upload type.
  • $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set $wgAPICacheHelpTimeout = 0;
  • OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed by the page, but $wgAllowUserJs is set to false.
  • Pure "Skin" class based custom skins are no longer supported, all custom skins should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
  • The transliteration for passwords in case they were migrated from an old Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with $wgLegacyEncoding set.
  • (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we look at when finding metadata to prevent excessive resource usage.
  • $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed. Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the same functionality as $wgSysopRangeBans ; you can use the BlockIp hook to replicate $wgSysopUserBans functionality.
  • The options on the block form have been standardised such that checking a box makes the block 'more serious'; so while "check to prevent account creation" and "check to enable autoblock" remain the same, "check to allow user-talk edit" is reversed to "check to *disable* user-talk edit", and "check to block anon-only" becomes "check to block logged-in users too". The default settings remain the same.
  • Most of the field names on the Special:Block form have been changed, which will probably break screen-scraping bots.
  • (bug 26866) The 'trackback' right is no longer granted to sysops by default. $wgUseTrackbacks is already false by default.
  • (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least *appearing* to hide article elements, has been removed. Use the ParserFunctions extension to actually remove unwanted elements from the output.
  • (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable math conversion after upgrading, obtain the Math extension from SVN or from Extension:Math and add to LocalSettings.php: require_once "$IP/extensions/Math/Math.php";
  • $wgProfiler is now a configuration array, see StartProfiler.sample for details.
  • $wgProfiling has been removed.
  • The spyc library is now no longer included in phase3.
  • (bug 28343) Unused preferences contextlines/contextchars have been removed
  • $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
  • $wgProto has been removed. You now only need to set $wgServer to change the URL protocol.
  • $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
  • $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been removed.
  • $wgAllowUserSkin (deprecated in 1.16) has now been removed.
  • $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
  • LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
  • (bug 26033) Added $wgArticleCountMethod to select the method to use to say whether a page is an article or not. $wgUseCommaCount is now deprecated.
  • $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core, and the functionality has been moved to the relevant extensions. See Extension:DublinCoreRdf and Extension:CreativeCommonsRdf as appropriate.
  • (bug 21107) Split error "customcssjsprotected" into separate messages for JS and CSS
  • Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant feature was removed in about 1.5.
  • LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText hooks have been removed.
  • New hook "Collation::factory" to allow extensions to create custom category collations.
  • $wgGroupPermissions now supports per namespace permissions.
  • $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to null will cause MediaWiki to determine if auto-rotation is available.

New features in 1.18[edit]

  • BREAKING CHANGE: action=watch / action=unwatch now requires a token.
  • BREAKING CHANGE: Article class heirarchy split into WikiPage (backend). and Article (frontend) hierarchies. Several hooks now pass a WikiPage object instead of an Article object. These hooks all use an $article paramater as documented in hooks.txt. Extensions should be updated to account for this, though most won't require any changes.
  • (bug 27860) Minor edit after clicking 'new section' tab Now the "This is a minor edit" checkbox is not available when you create a page or new section.
  • (bug 8130) Query pages should limit to content namespaces, not just main namespace.
  • Search suggestions (other than in the Vector skin) will now use the HTML5 datalist feature where supported, currently only Firefox 4.
  • Special:Contribs now redirects to Special:Contributions.
  • (bug 6672) Images are now autorotated according to their EXIF orientation. This only affects thumbnails; the source remains unrotated.
  • (bug 25708) Update case mappings and normalization to Unicode 6.0.0.
  • New hook ArticlePrepareTextForEdit added, called when preparing text to be saved.
  • New parser option PreSaveTransform added, allows the pre-save transformation to be selectively disabled.
  • Alternative to $wgHooks implemented, using the new Hooks class.
  • Add width parameter to Special:Filepath to allow getting the file path of a thumbnail.
  • (bug 26870) Add size to {{filepath:}}.
  • Upload warnings now show a thumbnail of the uploaded file.
  • Introduced the edittools-upload message, which will be inserted under the upload form instead of edittools if available.
  • (bug 26285) Extensions will be automatically generated on upload if the user specified a filename without extension.
  • (bug 26851) Special:UserRights now allows to prefill the reason field
  • New maintenance script to fix double redirects (maintenance/fixDoubleRedirects.php).
  • (bug 23315) New body classes to allow easier styling of special pages.
  • (bug 27159) Make email confirmation code expiration time configurable.
  • (bug 29047) CSS/JS for each user group is imported from MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc.
  • (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be safely enabled. A ZIP file reader was added which can scan a ZIP file for potentially dangerous Java applets. This allows applets to be blocked specifically, rather than all ZIP files being blocked.
  • (bug 2429) Allow selection of associated namespace in recent changes.
  • (bug 26217) File size is now checked before uploading in HTML5 browsers.
  • CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript disabled (enclosed in the head in a <noscript> tag).
  • Added UserGetLanguageObject hook to change the language used in $wgLang .
  • (bug 14645) When $wgMiserMode is on, expensive special pages are styled differently (italicized by default) on Special:SpecialPages.
  • Added $wgAggregateStatsID , which allows UDP stats to be aggregated over several wikis.
  • When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just the three that were defined in the original specification.
  • (bug 14706) Added support for the Imagick PHP extension.
  • (bug 18691) Added support for SVG rasterization using the Imagick PHP extension.
  • (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the file description page. The sizes are set by $wgImageLimits .
  • (bug 28031) Add pageCount support to ArchivedFile.
  • (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200.
  • Added hook BitmapHandlerTransform to allow extension to transform a file without overriding the entire handler.
  • The parser now attempts to output markers for editsection tokens and defer the rendering of them post-cache to reduce parser cache fragmentation and ensure skin customizability of edit section links.
  • (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by other extensions by handling the 'AbortAutoAccount' hook, similar to the 'AbortNewAccount' triggered by explicit account creations. (They are separate to avoid loops and confusion; auth plugins like CentralAuth need to handle AbortNewAccount separately.
  • Special:ListFiles is now transcludable.
  • (bug 13879) Special:Emailuser asks for suitable target user if called without.
  • (bug 16956) IPTC and XMP metadata now extracted from images.
  • (bug 23816) A tracking category is now added for any pages with broken images.
  • (bug 23495) Allow createAndPromote.php to create non-sysop users.
  • (bug 28916) A way to to toggle mw.config legacy globals settings from LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals .
  • (bug 28503) Support for ircs:// URL protocols.
  • (bug 26033) It is now possible to count all non-redirect pages in content namespaces as articles.
  • Images can now be embedded in an XML dump stream using backupDump.php --include-files and can be imported using importDump.php --uploads; furthermore, it can import files from the filesystem using --image-base-path.
  • Three new hooks in Special:Undelete, 'UndeleteForm::showHistory', 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions may override the usage of PageArchive class and replace it with their own class that extends PageArchive.
  • (bug 28915) Implement QUnit test suite for MediaWiki JavaScript. Also built-in support for distribution through a TestSwarm instance.
  • (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is added to the textarea on the edit form.
  • mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php)
  • (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
  • New 'Debug' hook used by wfDebug() and wfDebugLog().
  • (bug 27655) Require token for watching/unwatching pages)
  • (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest version)
  • (bug 29441) Expose CapitalLinks config in JS to allow modules to properly handle titles on case-sensitive wikis.
  • (bug 29397) Implement mw.Title module in core.
  • In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported correctly in the case where there are no write events occurring. Note that the DB user now needs to have the REPLICATION CLIENT privilege if you are using replication.
  • Language codes in $wgDummyLanguageCodes are now excluded on localization statistics (maintenance/language/transstat.php).
  • (bug 29586) Make the (next 200) links on categories link directly to the relevant section of the category.
  • (bug 29109) Allow the automatic edit summary for redirect creation show the first bit of the new redirect page.
  • (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName.
  • (bug 29680) Add GetDefaultSortkey hook to override the default sortkey.
  • (bug 16699) {{#language:}} accepts second parameter to specify the language in which the language name is wanted. Coverage depends on the cldr extension.
  • (bug 15802) An easy way to look up messages: language qqx which returns the message keys.
  • (bug 29868) Add support for passing parameters to mw.msg in jquery.localize.
  • (bug 29558) $wgMiserMode now disables update.php by default.
  • AjaxCategories: Easily add, edit or delete categories on article pages. Suggests possible categories when typing, all saves are done via AJAX. Supports editing of multiple categories and then saving them in one batch.
  • $wgAutopromoteOnce was added, allowing for users to be automatically promoted to explicit usergroups. If a group is removed from a user via Special:UserRights, it will not automatically be re-added. Configuration is similar to $wgAutopromote (see DefaultSettings.php).
  • The PerformRetroactiveAutoblock hook was added to allow overriding or complementing retroactive autoblock handling. This runs when blocking a user with the 'autoblock' option.
  • MediaWiki now supports using protocol-relative URLs in links, interwiki targets and $wgServer .
  • Introduced $wgVaryOnXFPForAPI which will cause the API to send Vary: X-Forwarded-Proto headers.
  • New maintenance script to refresh image metadata (maintenance/refreshImageMetadata.php).
  • (bug 16428) Include permalink in printable version.
  • (bug 30722) Add an identity collation that sorts things based on what the unicode code point is (aka pre-1.17 behaviour).
  • (bug 30940) Add a hook in User:getDefaultOptions. To give extensions a better and more flexible way of providing default values for preferences a hook has been introdiced in User:getDefaultOptions(). Setting preferences in $wgDefaultUserOptions still work fine, but when reading them (i.e. with array_keys) to get a list of all preferences, then $wgDefaultUserOptions should no longer be used as it will contain those set via User:getDefaultOptions().
  • (bug 30497) Add client-nojs and client-js classes on document element to let styles easily hide or show things based on general JS availability.
  • (bug 31293) If Special:Userlogin is loaded over HTTPS, display MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty. Same for signupend on the account creation page.
  • (bug 31233) New OutputPage::addJsConfigVars() method to make the output page specific mw.config map extendable.

Bug fixes in 1.18[edit]

  • (bug 27860) Minor edit after clicking 'new section' tab.
  • mw.util.getScript has been implemented (like wfScript in GlobalFunctions.php).
  • (bug 23119) WikiError class and subclasses are now marked as deprecated.
  • (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer treated as wikitext on preview.
  • (bug 22753) Output from update.php is more clear when things changed, entries indicating nothing changed are now all prefixed by "...".
  • Page existence is now not revealed (in the colour of the tabs) to users who cannot read the page in question.
  • (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some cases.
  • (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
  • (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown as "Permitted file types" on the upload form.
  • (bug 26379) importImages.php gives more descriptive error message on failure.
  • (bug 26410) + signs are no longer treated as spaces in internal links if link has a % sign in it.
  • (bug 26412) Search results headers no longer show a bogus edit link.
  • (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
  • (bug 26574) Added 'upload' to $wgRestrictionTypes , allowing upload protected pages to be queried via the API and Special:ProtectedPages, and allowing disabling upload protection by removing it from $wgRestrictionTypes .
  • If an edit summary exceeds 250 bytes and is truncated, add an ellipse.
  • (bug 26638) Database error pages display correctly in RTL languages.
  • (bug 26187) Confirmrecreate no longer parses the edit summary.
  • (bug 26208) Mark directionality of some interlanguage links.
  • (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain selected when the action is "purge".
  • (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject namespace tab on the mainpage of a wiki.
  • (bug 10158) Do not mention allowing others to contact you when the feature is disabled ($wgEnableUserEmail =false).
  • (bug 26733) Wrap initial table creation in transaction.
  • (bug 26729) Category pages should return 404 if they do not exist and have no members.
  • (bug 2585) Image pages should send 404 if no image, no shared image and no description page.
  • Custom editintro's using the editintro url parameter will no longer show <noinclude> sections on pages they are included on.
  • (bug 26449) Keep underlines from headings outside of tables and thumbs by adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
  • (bug 26708) Remove background-color:white from tables in Monobook and Vector.
  • (bug 28422) Remove color:black from tables in Monobook and Vector. And add it to table.wikitable instead.
  • (bug 26781) {{PAGENAME}} and related parser functions escape their output better.
  • (bug 26716) Provide link to instructions for external editor related preferences and add a comment to the ini control file explaining what is going on.
  • Trying to upload a file with no extension or with a disallowed MIME type now gives the right message instead of complaining about a MIME/extension mismatch.
  • (bug 26809) Uploading files with multiple extensions where one of the extensions is blacklisted now gives the proper extension in the error message.
  • (bug 26961) Hide anon edits in watchlist preference now actually works.
  • (bug 19751) Filesystem is now checked during image undeletion.
  • Send last modified headers for Special:Recentchanges when RC patrol is enabled, but user cannot see rc patrol links.
  • (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files and other multi-paged file formats.
  • Files with a mime type that does not match the extension are now properly thumbnailed.
  • (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
  • (bug 15905) Nostalgia skin could become more usable by including a Talk: link at the top of the page.
  • (bug 27560) Search queries no longer fail in Walloon language.
  • (bug 27679) Broken embedded files with special characters are no longer double HTML escaped.
  • (bug 27700) The upload protection can now also be set for files that do not exist.
  • (bug 27763) Article::getParserOutput() no longer throws a fatal given when an incorrect revision ID is passed.
  • Trim the form field for uploading by url to remove extra spaces which could cause confusing error messages.
  • (bug 27854) Http::isValidURI is way too lax.
  • Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits .
  • AbortLogin returning "ABORTED" now handled. Also allows message identifier for "ABORTED" reason to be returned and displayed to user.
  • (bug 28034) uploading file to local wiki when file exists on shared repository (commons) gives spurious info in the warning message.
  • Usernames get lost when selecting different sorts on Special:listfiles.
  • (bug 14005) editing section 0 of an existing but empty page gives no such section error.
  • (bug 26939) Installer does not set $wgMetaNamespace .
  • (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per page restrictions.
  • Make truncate function automatically consider length of '...' string, since length can vary by localization.
  • (bug 28242) Make redirects generated by urls containing a local interwiki prefix be a 301 instead of a 302.
  • (bug 15641) blocked administrators are now prevented from deleting or protecting their own talk page; and all blocked users are more comprehensively prevented from performing other actions.
  • (bug 27893) Edit-on-doubleclick now applies only on view and purge actions; no longer triggers unexpectedly on delete, history etc.
  • (bug 28417) Fix PHP notice when importing revision without a listed id.
  • (bug 28430) Make html and TeX output of <math> always be left-to-right.
  • (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
  • (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo.
  • (bug 27473) Fix regression: bold, italic no longer interfere with linktrail for ca, kaa.
  • (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
  • ' character entity is now allowed in wikitext.
  • UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if intl installed.
  • (bug 28561) The css class small will no longer make nested elements even smaller.
  • (bug 13172) Array type exif data (like GPS) was not being extracted from images.
  • (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut ->parse().
  • (bug 16129) Transcluded special pages expose strip markers when they output parsed messages.
  • (bug 27249) "Installed software" table in Special:Version should always be left-to-right.
  • (bug 28719) Do not call mLinkHolders __destruct explicitly.
  • (bug 21196) Article::getContributors() no longer fails on PostgreSQL.
  • (bug 28752) XCache doesn't work in CLI mode.
  • (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles.
  • (bug 22227) Special:Listfiles no longer throws an error on bogus file entries.
  • (bug 19408) user_properties.up_property: 32 bytes is not enough.
  • (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
  • (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text such as SQL queries shown in dberrortext and similar messages in RTL environments.
  • (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used as the server name.
  • The View X deleted revisions is now shown again on Special:Upload.
  • (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API.
  • (bug 28868) Show total pages in the subtitle of an image on the file description page for multi-paged documents.
  • (bug 28883) Message names for different compression types commonly used in Tiff files.
  • When translcuding a special page, do not let it interpret url parameters.
  • (bug 28887) Special page classes are no longer re-used during 1 request.
  • (bug 28888) Searching for something starting with a # sign no longer tells the user a page named [[:]] already exists.
  • (bug 23002) Imagelinks table not updated after imagemove.
  • (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all pages.
  • (bug 18803) JPEG2000 images should not be uploadable as .jpg files.
  • (bug 11868) If using links to count articles, the checking will now be based on the real presence of an internal link instead of the "[[" string.
  • (bug 28287) The "your changes" box for edit conflicts is now read-only.
  • (bug 28940) When making a thumb of an SVG, and only specifying the height make the width be the max SVG size, not the natrual width of the SVG.
  • (bug 1780) Uploading files with non-ascii characters are now forbidden on Windows.
  • (bug 23464) File: prefixes are now chopped off during uploading.
  • (bug 28174) Message config-logo-help amended to not explicitly assume any LTR/RTL screen layout.
  • (bug 28992) Revision numbers in the patrol log are transformed in the user language.
  • (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended to the document head if it doesn't exist.
  • (bug 27023) After the document is ready, mw.loader is broken (calls callback before module is parsed).
  • (bug 4330) External URLs without a custom title should be treated as LTR, even in RTL text.
  • (bug 29055) Make "don't send email on minor edits" preference apply to changes to talk page in addition to watchlist edits.
  • (bug 28272) Special:AllMessages should have only one "Go" button.
  • (bug 29101) Special:FileDuplicateSearch no longer shows silly message.
  • (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same as lastTabIndex().
  • (bug 29332) Warn if user requests mediawiki-announce subscription but does not enter an e-mail address.
  • (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config.
  • The class JpegOrTiffHandler was renamed ExifBitmapHandler.
  • (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes instead of reloading the page.
  • (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect warning.
  • (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
  • (bug 29485) RSS feed of Special:RecentChange grouped together multiple consecutive edits by same user in included diff, but then linked to a single ungrouped diff.
  • Do not try to group together a page creation and edit in the RSS feed of RC.
  • (bug 29342) Patrol preferences shouldn't be visible to users who don't have patrol permissions.
  • (bug 29471) Exception no longer thrown for files with invalid date in metadata.
  • (bug 29492) Long-running steps in the installer (such as Upgrade and Install) no longer cause timeouts.
  • (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
  • If the db is really screwed up, and doesn't have a recentchanges table, make the updater throw an exception instead of a fatal.
  • wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays correctly.
  • (bug 29567) mw.util.addPortletLink should only wrap link in <span> for "vectorTabs" portlets.
  • (bug 8556) Incorrect session failure warning on preview-on-open namespaces (categories) when combined with $wgRawHtml .
  • Use content language in formatting of dates in revertpage message (rollback revert edit summary) and do not adjust for user timezone.
  • (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
  • Make sure Backlink cache does not retrieve interwiki redirects when looking for redirects to a local page.
  • (bug 6100) Allow different directionality (LTR/RTL) for user interface and wiki content, along with many other RTL and directionality improvements (such as bugs 28030, 12406, 28349).
  • (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets left/right according to the directionality of your interface language.
  • (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
  • (bug 27410) The tag filter on a history page is now within a <label> element.
  • (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default styling (strike/underline).
  • (bug 28630) Add iwlinks, langlinks, redirect to RefreshLinks::deleteLinksFromNonexistent.
  • (bug 29797) Error: "Tried to load block with invalid type" when subpages are disabled for user pages.
  • (bug 12205) Bidirectional names in action=credits are split and displayed. incorrectly when wrapped to the next line.
  • (bug 20781) Move 'mainpagetext' messages to installer's .i18n file.
  • (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script, not language.
  • (bug 26360) $wgSessionHandler was overriding system settings unconditionally.
  • Removed AjaxFunctions.php. The last remaining function js_unescape() was moved to the FCKEditor extension.
  • (bug 28762) Resizing to specified height broken for very thin images.
  • (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user tries to subsribe to mediawiki-announce.
  • (bug 27427) mw.util.getParamValue shouldn't return value from hash even if param is only present in hash.
  • Installer checked for magic_quotes_runtime instead of register_globals.
  • (bug 30131) XCache with variable caching disabled no longer used for variable caching (CACHE_ACCEL)
  • $wgSVGMaxSize is now applied to the smaller of width or height, making very wide pano/timeline/diagram SVGs renderable at saner sizes.
  • (bug 30219) The page shown when LocalSettings.php does not exist was broken on Windows servers.
  • (bug 30074) Moving user JS subpages resulted in JS errors because #REDIRECT [[Foo]] is invalid JS.
  • (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs are used.
  • (bug 30264) Changed installer-generated LocalSettings.php to use require_once() instead require() for included extensions.
  • Tracking categories are no longer shown in footer for special pages.
  • (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e. <key>).
  • $wgOverrideSiteFeed no longer double escapes urls.
  • The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when processing complex pages using newer versions of libxml2.
  • (bug 30907) Special:Unusedcategories should sort ascendingly.
  • (bug 28545) When using the uca-default collation, sortkey's starting with a space (U+20) will sort under an invisible header like in 1.16 rather than a U+6DE.
  • (bug 30192) Thumbnails of archived files are now deleted.
  • (bug 30843) mediawiki.Title should not convert extensions (anything after the last full stop) to lower case).
  • (bug 31213) Exception thrown when trying to move file cross-namespace.
  • (bug 18424) Special:Prefixindex and Special:Allpages paging links are really small, and somewhat inconsistent with each other.
  • (bug 30466) Entries in iwlinks table are now cleared when moving a page over redirect.
  • (bug 31674) Can't edit watchlist if it contains special pages.
  • (bug 32100) Installer complains about Suhosin GET limit even if it is already set above 1024 bytes.
  • (bug 32086) Special:PermanentLink now show an error message when no subpage was specified.

API changes in 1.18[edit]

  • BREAKING CHANGE: action=watch now requires POST and token.
  • (bug 26339) Throw warning when truncating an overlarge API result.
  • (bug 14869) Add API module for accessing QueryPage-based special pages.
  • (bug 14020) API for Special:Unwatchedpages.
  • (bug 24287) Wrap API Help output at 100 characters.
  • Add a realname uiprop option to query=userinfo so a user's realname can be extracted.
  • Add a &watchuser option to ApiBlock.
  • (bug 26541) Generator-ise ApiQueryRecentChanges.
  • action=parse now correctly returns an error for nonexistent pages.
  • (bug 25767) Add userrights properties to allusers and users query lists.
  • (bug 26558) list=allusers auprop=groups does not list groups a user is automatically a member of.
  • (bug 26559) list=allusers auprop=rights does not match list=users usprop=rights.
  • (bug 26560) On allusers if limit < total number of users, last user gets duplicate.
  • (bug 25135) add "normalized" to action=parse.
  • (bug 26460) Add support for listing category members by category pageid.
  • (bug 26482) add a imimages param to prop=images.
  • (bug 26498) allow LinksUpdate with API.
  • (bug 26485) add a elextlinks param to prop=extlinks.
  • (bug 26483) add a iwtitles param to prop=iwlinks.
  • (bug 26484) add a lltitles param to prop=langlinks.
  • (bug 26480) add a pppageprops param to prop=pageprops.
  • (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout .
  • (bug 24650) Fix API to work with categorylinks changes.
  • Expose list of skins in meta=siteinfo.
  • (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo.
  • (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text.
  • Add a amtitle param to meta=allmessages.
  • (bug 25832) query=allimages now outputs ns/title as well.
  • (bug 27199) Thumbnail urls can be fetched for old files as well.
  • (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or max value, API doesn't validate the input is actually an integer.
  • (bug 27479) API error when using both prop=pageprops and prop=info&inprop=displaytitle.
  • (bug 27554) Update API information text to reflect change in bug 26125.
  • (bug 27611) list=blocks: Use ipb_by_text instead of join with user table.
  • (bug 27616) Add userid of blocked user and blocker to list=blocks.
  • (bug 27688) Simplify queries to list user block information.
  • (bug 27708) list=users does not have a property to return user id.
  • (bug 27715) imageinfo didn't respect revdelete.
  • (bug 27862) Useremail module didn't properly return success on success.
  • (bug 27590) prop=imageinfo now allows querying the media type.
  • (bug 27587) list=filearchive now outputs full title info.
  • (bug 27018) Added action=filerevert to revert files to an old version.
  • (bug 27897) list=allusers and list=users list hidden users.
  • (bug 27717) API's exturlusage module does not respect $wgMiserMode .
  • (bug 27588) list=filearchive&faprop=sha1 returns empty attribute.
  • (bug 28010) Passing a non existant user to list=users gives internal error.
  • (bug 27549) action=query&list=users&usprop=groups doesn't show implicit groups if a user doesn't have explicit groups.
  • (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear in auto generated document, as it is on mediawiki.org.
  • (bug 27182) API: Add filter by prefix for meta=allmessages.
  • (bug 27183) API: Add filter by customisation state for meta=allmessages.
  • (bug 27340) API: Allow listing of "small" categories.
  • (bug 27342) Add audir param to list=allusers.
  • (bug 27203) add fato param to list=filearchive.
  • (bug 27341) Add drto param to list=deletedrevs.
  • (bug 26630) Add API for Special:ActiveUsers.
  • (bug 27020) API: Allow title prefix search of logevents (only when not in miser mode).
  • (bug 26629) add Special:MIMESearch to API.
  • (bug 27585) add pagecount to list=filearchive.
  • (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks) is missing.
  • (bug 27343) Add parseddescription to list=filearchive.
  • (bug 27469) label implicit groups in list=allusers&auprop=groups/ list=users&usprop=groups.
  • Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to the general site info results.
  • (bug 16288) API: consider making closure status of wikis more clear with meta=siteinfo.
  • (bug 27589) list=allimages&aiprop=archivename is useless.
  • (bug 27586) Remove duplication of props in ApiQueryStashImageInfo by using ApiQueryImageInfo.
  • (bug 28226) prop=extlinks&eloffset should be an integer.
  • (bug 28070) Fix watchlist RSS for databases that store timestamps in a real timestamp field.
  • API upload errors may now return the parameter that needs to be changed and a sessionkey to fix the error.
  • (bug 28249) allow dupes in meta=allmessages&amargs.
  • (bug 28263) cannot import xml with the API, when have not "import" user right, but "importupload".
  • (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo.
  • (bug 28394) Set forgotten parameters types in ApiUnblock.
  • (bug 28395) Set forgotten parameters types in ApiParse.
  • (bug 28368) add hint for multipart/form-data to API information of action=import&xml=.
  • (bug 28391) action=feedwatchlist&allrev should be a bool.
  • (bug 28364) add registration date to meta=userinfo.
  • (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if PARAM_TYPE is not set.
  • (bug 27712) add parent_id to list=deletedrevs.
  • (bug 28455) Add 'toponly' to recentchanges API module.
  • (bug 26873) API: Add 'toponly' filter in usercontribs module.
  • (bug 28586) YAML: strings that are the same as boolean literals.
  • (bug 28591) Update/replace/supplement spyc (YAML parsing library).
  • YAML API output is now 1.2 compliant, using JSON as the formatter.
  • (bug 28672) give information about misermode on API.
  • (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap
  • (bug 26882) Allow listing of indefinite protections with the API.
  • (bug 27344) add drprefix param to list=deletedrevs.
  • (bug 28560) list=deletedrevs should die, if combination of param is invalid.
  • (bug 28238) paraminfo: output both limits for multi param.
  • (bug 27179) API: List of extension tags through meta=siteinfo.
  • Get a list of function hooks through meta=siteinfo.
  • Get a list of all subscribed hooks, and those subscribers.
  • (bug 28225) Allow hiding of user groups in list=allusers.
  • (bug 27185) API: Add Special:ComparePages.
  • (bug 28265) allow outputting of comments for action=expandtemplates.
  • (bug 27790) Add query type for querymodules to output of ApiParamInfo.
  • (bug 28963) Add langbacklinks query module to the api.
  • (bug 27593) API should return error message when sha1/sha1base36 is invalid.
  • (bug 28578) API's parse module should not silently override invalid title inputs.
  • (bug 20699) Watchlist API should list log-events.
  • (bug 29070) Require a token in API action=watch.
  • (bug 29221) Expose oldrevid in ApiQueryWatchlist output.
  • (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag.
  • (bug 28897) rvparse now respects rvsection for action=query&prop=revisions.
  • (bug 25734) API: Possible issue with revids validation.
  • (bug 28002) Internal error in ApiFormatRaw::getMimeType.
  • (bug 29237) ApiQuery now has an option to output the "iwurl" attribute.
  • (bug 28392) Mark action=undelete&timestamps as type "timestamp".
  • (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode).
  • (bug 27595) sha1 search of list=filearchive does not work.
  • (bug 26763) Make RSS/Atom of user contributions more visible.
  • (bug 25133) Allow redirects also for action=parse&pageid.
  • (bug 29745) Fatal error in API search.
  • (bug 29476) API returns page title instead of sectiontitle for srprop=sectiontitle.
  • Correct the documentation of srprop properties.
  • (bug 28817) Add reference help page link to API Modules.
  • (bug 29935) Improve formatting of examples in ApiParamInfo.
  • (bug 29938) list=users&usprop=rights shows rights the user doesn't have.
  • (bug 24781) The API will include an XML namespace if the includexmlnamespace parameter is set.
  • (bug 29392) Setting the start or end parameter now works with lists blocks, categorymembers, deletedrevs, logevents, protectedtitles, usercontributions and watchlist in Postgres.

Languages updated in 1.18[edit]

MediaWiki supports over 330 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Bugzilla reports.

  • Angika (anp) (new).
  • Brahui (brh) (new).
  • Central Dusun (dtp) (new).
  • Jamaican Creole English (jam) (new).
  • Khowar (khw) (new).
  • Liv (liv) (new).
  • Kichwa (qug) (new).
  • Tokipona (tp) (removed) 'tokipona' is still valid.
  • (bug 17160) Gender specific display text for User namespace.
  • Link trail added for sl and sh.
  • (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
  • (bug 27426) Set $namespaceGenderAliases for Arabic (ar).
  • (bug 27385) Set Polish $namespaceGenderAliases.
  • (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br).
  • (bug 27785) Fallback language for Kabardian (kbd) is English now.
  • (bug 27825) Raw watchlist edit message now uses formatted numbers.
  • (bug 28040) Turkish: properly lower case 'I' to 'ı' (dotless i) and uppercase 'i' to 'İ' (dotted i).
  • Conversion script between Syllabics and Latin for the Inuktitut language.
  • Date formats for Indonesian (id) updated.
  • Bhojpuri (bho) (renamed from "bh").
  • (bug 29031) When translating block log entries, indefinite, infinite, and infinity are now considered the same.
  • Aromanian (rup) (renamed from "rua-rup").
  • Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri (Devanagari) (ks-deva). Defaults to ks-arab.
  • (bug 30864) Use bengali numerals for <ol> for Assamese.
  • (bug 30817) Restored linktrail for kk (Kazakh).
  • (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces.
  • (bug 30846) New LanguageOs class.

Other changes in 1.18[edit]

  • Removed legacy wgAjaxWatch javascript global object, no longer in use.
  • (bug 28556) Upload support for MacBinary files has been removed (Used by Internet Explorer 5 for Mac OS 9).
  • On wiki farm setups using $wgConf , 'wgCanonicalServer' is now expected to be set for all wikis. This was already the case for 'wgServer'.

Compatibility[edit]

MediaWiki 1.18 requires PHP 5.2.3. PHP 4 is no longer supported.

MySQL is the recommended DBMS. PostgreSQL, Oracle or SQLite can also be used, but support for them is somewhat less mature. There is experimental support for IBM DB2 and Microsoft SQL Server.

The supported versions are:

  • MySQL 4.0 or later
  • PostgreSQL 8.3 or later
  • SQLite 3
  • Oracle 9.0.1 or later

Upgrading[edit]

1.18 has several database changes since 1.17, and will not work without schema updates.

If upgrading from before 1.11, and you are using a wiki as a commons repository, make sure that it is updated as well. Otherwise, errors may arise due to database schema changes.

If upgrading from before 1.7, you may want to run refreshLinks.php to ensure new database fields are filled with data.

If you are upgrading from MediaWiki 1.4.x or earlier, some major database changes are made, and there is a slightly higher chance that things could break. Don't forget to always back up your database before upgrading!

When upgrading to 1.18.x custom skins may give errors. replace tooltipAndAccesskey with tooltipAndAccesskeyAttribs.

See the file UPGRADE for more detailed upgrade instructions.

For notes on 1.17.x and older releases, see HISTORY.

Online documentation[edit]

Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain):

Documentation

Mailing list[edit]

A mailing list is available for MediaWiki user support and discussion:

mail:mediawiki-l

A low-traffic announcements-only list is also available:

mail:mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.

IRC help[edit]

There's usually someone online in the IRC channel #mediawiki connect.