Release notes/1.5

= MediaWiki release notes =

Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it off if you can.

MediaWiki 1.5 beta 1
June 26, 2005

MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete, of the new 1.5 release series. There are several known and likely a number of unknown bugs; it is not recommended to use this release in a production environment but would be recommended for testing in mind of an upcoming deployment.

A number of significant changes have been made since the alpha releases, including database changes and a reworking of the user permissions settings. See the file UPGRADE for details of upgrading and changing your prior configuration settings for the new system.

MediaWiki 1.5 alpha 2
June 3, 2005

MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges, and a security update.

Incorrect handling of page template inclusions made it possible to inject JavaScript code into HTML attributes, which could lead to cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
 * 1.5 prerelease: fixed in 1.5alpha2
 * 1.4 stable series: fixed in 1.4.5
 * 1.3 legacy series: fixed in 1.3.13
 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

MediaWiki 1.5 alpha 1
May 3, 2005

This is a testing preview release, being put out mainly to aid testers in finding installation bugs and other major problems. It is strongly recommended NOT to run a live production web site on this alpha release.

Big changes
Schema:
 * The core table schema has changed significantly. This should make better use of the database's cache and disk I/O, and make significantly speed up rename and delete operations on pages with very long edit histories.
 * Unfortunately this does mean upgrading a wiki of size from 1.4 will require some downtime for the schema restructuring, but future storage backend changes should be able to integrate into the new system more easily.

Permalinks:
 * The current revision of a page now has a permanent 'oldid' number assigned immediately, and the id numbers are now preserved across deletion/undeletion.
 * A permanent reference to the current revision of a page is now just a matter of going to the 'history' tab and copying the first link in the list.

Page move log:
 * Renames of pages are now recorded in Special:Log and the page history.
 * A handy revert link is available from the log for sysops.

Editing diff:
 * Ever lost track of what you'd done so far during an edit? A 'Show diff' button on the edit page now makes it easy to remember.

Uploads:
 * It's now possible to specify the final filename of an upload distinct from the original filename on your disk.
 * An image link for a missing file will now take you straight to the upload page.
 * More metadata is pre-extracted from uploaded images, which will ease pressure on disk or NFS volumes used to store images. EXIF metadata is displayed on the image description page if PHP is configured with the necessary module.

User accounts:
 * There are some changes to the user permissions system, with assignable groups. This is still somewhat in flux; do not rely on the present system that you see in this alpha to still be there.

E-mail:
 * User-to-user e-mail can now be restricted to require a mail-back confirmation first to reduce potential for abuse with false addresses.
 * Updates to user talk pages and watchlist entries can optionally send e-mail notifications.

External hooks:
 * A somewhat experimental interface for hooking in an external editor application is included. This may not be on by default in final release, depending on support.

And...
 * A bunch of stuff we forgot to mention.

What's gone?
Latin-1:
 * Wikis must now be encoded in Unicode UTF-8; this has been the default for some time, but some languages could optionally be installed in Latin-1 mode. This is no longer supported.

MySQL 3.x:
 * Some optimization hacks for MySQL 3.x have been removed as part of the schema clean-up (specifically, the inverse_timestamp fields). MediaWiki 1.5 should still run, but wikis of significant size should very seriously consider upgrading to a more modern release. MySQL 3.x support will probably be entirely dropped in the next major release later this year.

Special:Maintenance
 * These tools were, ironically enough, not really maintained. This special page has been removed; insofar as some of its pieces were useful and haven't already been supplanted by other special pages they should be rewritten in an efficient and safe manner in the future.

What's still waiting?
These things should be fixed by the time 1.5.0 final is released:

Upgrade:
 * Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8. A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of old page text entries, but other metadata fields (titles, comments etc) need to be pre-converted. The upgrade process does not yet fully automate this.
 * In general the upgrade from 1.4 to 1.5 schema has not been tested for all cases, and there may be problems.

Backups:
 * The text entries of deleted pages are no longer removed from the main text table on deletion. If you provide public backup dumps of your databases, you will probably want to use the new XML-format dump generator... but this hasn't been finished yet.

PostgreSQL:
 * The table definitions for PostgreSQL install are out of date, and patches to support PostgreSQL from the main installer are still pending.

MySQL 4.1+:
 * Proper charset encoding / collation configuration for installs on MySQL 4.1 and higher still needs to be fiddled with. Some bits may fail on the UTF-8 setting due to some long field keys.

Authentication plugin fixes:
 * The AuthPlugin interface needs some improvements to work better with LDAP, HTTP basic auth, and other such environments. Some patches are pending.

Smaller changes
Various bugfixes, small features, and a few experimental things:


 * 'live preview' reduces preview reload burden on supported browsers
 * support for external editors for files and wiki pages: m:Help:External editors
 * Schema reworking: Proposed Database Schema Changes/October 2004
 * (bug 15) Allow editors to view diff of their change before actually submitting an edit
 * (bug 190) Hide your own edits on Special:Watchlist.
 * (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
 * (bug 1015) support for the full wikisyntax in captions.
 * (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload.
 * (bug 1352) Images on description pages now get thumbnailed regardless of whether the thumbnail is larger than the original.
 * (bug 1662) A new magicword, August returns the abbreviation of the current month
 * (bug 1668) 'Date format' supported for other languages than English, see: http://mail.wikipedia.org/pipermail/wikitech-l/2005-March/028364.html
 * (bug 1739) A new magicword, give you the article or diff database revision id, useful for proper citation.
 * (bug 1998) Updated the Russian translation.
 * (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType
 * (bug 2084) Fixed a regular expression in includes/Title.php that was accepting invalid syntax like #REDIRECT foo in redirects.
 * It's now possible to invert the namespace selection at Special:Allpages and Special:Contributions
 * No longer using sorbs.net to check for open proxies by default.
 * What was $wgDisableUploads is now $wgEnableUploads, and should be set to true if one wishes to enable uploads.
 * Supplying a reason for a block is no longer mandatory
 * Language conversion support for category pages
 * $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
 * Special:Movepage can now take paramaters like Special:Movepage/Page_to_move (used to just be able to take paramaters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
 * (bug 2151) The delete summary now includes editor name, if only one has edited the article.
 * (bug 2105) Fixed from argument to the PHP mail function. A missing space could prevent sending mail with some versions of sendmail.
 * (bug 2228) Updated the Slovak translation
 * ...and more!

Changes since 1.5alpha1

 * (bug 73) Category sort key is set to file name when adding category to file description from upload page (previously it would be set to "Special:Upload", causing problems with category paging)
 * (bug 419) The contents of the navigation toolbar are now editable through the MediaWiki namespace on the MediaWiki:navbar page.
 * (bug 498) The Views heading in MonoBook.php is now localizable
 * (bug 898) The wiki can now do advanced sanity check on uploaded files including virus checks using external programs.
 * (bug 1692) Fix margin on unwatch tab
 * (bug 1906) Generalize project namespace for Latin localization, update namespaces
 * (bug 1975) The name for Limburgish (li) changed from "LÃ¨mburgs" to "Limburgs
 * (bug 2019) Wrapped the output of Special:Version in in order to preserve the correct flow of text on RTL wikis.
 * (bug 2067) Fixed crash on empty quoted HTML attribute
 * (bug 2075) Corrected namespace definitions in Tamil localization
 * (bug 2079) Removed links to Special:Maintenance from movepagetext message
 * (bug 2094) Multiple use of a template produced wrong results in some cases
 * (bug 2095) Triple-closing-bracket thing partly fixed
 * (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
 * (bug 2150) Fix tab indexes on edit form
 * (bug 2152) Add missing bgcolor to attribute whitelist for &lt;td&gt; and &lt;th&gt;
 * (bug 2176) Section edit 'show changes' button works correctly now
 * (bug 2178) Use temp dir from environment in parser tests
 * (bug 2217) Negative ISO years were incorrectly converted to BC notation
 * (bug 2234) allow special chars in database passwords during install
 * Deprecated the syntax for referring to templates, {{msg: is now the wikisyntax representation of wfMsgForContent
 * Fix for reading incorrectly re-gzipped HistoryBlob entries
 * HistoryBlobStub: the last-used HistoryBlob is kept open to speed up multiple-revision pulls
 * Add $wgLegacySchemaConversion update-time option to reduce amount of copying during the schema upgrade: creates HistoryBlobCurStub reference records in text instead of copying all the cur_text fields. Requires that the cur table be left in place until/unless such fields are migrated into the main text store.
 * Special:Export now includes page, revision, and user id numbers by default (previously this was disabled for no particular reason)
 * dumpBackup.php can dump the full database to Export XML, with current revisions only or complete histories.
 * The group table was renamed to groups because "group" is a reserved word in SQL which caused some inconveniances.
 * New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o, ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE crystalsvg theme.
 * Fixed a bug in Special:Newimages that made it impossible to search for '0'
 * Added language variant support for Icelandic, now supports "Ãslenzka"
 * The #p-nav id in MonoBook is now #p-navigation
 * Putting $4 in msg:userstatstext will now give the percentage of admnistrators out of normal users.
 * links and brokenlinks tables merged to pagelinks; this will reduce pain dealing with moves and deletes of widely-linked pages.
 * Add validate table and val_ip column through the updater.
 * Simple rate limiter for edits and page moves; set $wgRateLimits (somewhat experimental; currently needs memcached)
 * (bug 2262) Hide math preferences when TeX is not enabled
 * (bug 2267) Don't generate thumbnail at the same size as the source image.
 * Fix rebuildtextindex.inc for new schema
 * Remove linkscc table code, no longer used.
 * (bug 2271) Use faster text-only link replacement in image alt text instead of rerunning expensive link lookup and HTML generation.
 * Only build the HTML attribute whitelist tree once.
 * Replace wfMungeToUtf8 and do_html_entity_decode with a single function that does both numeric and named chars: Sanitizer::decodeCharReferences
 * Removed some obsolete UTF-8 converter functions
 * Fix function comment in debug dump of SQL statements
 * (bug 2275) Update search index more or less right on page move
 * (bug 2053) Move comment whitespace trimming from edit page to save; leaves the whitespace from the section comment there on preview.
 * (bug 2274) Respect stub threshold in category page list
 * (bug 2173) Fatal error when removing an article with an empty title from the watchlist
 * Removed -f parameter from mail usage, likely to cause failures and bounces.
 * (bug 2130) Fixed interwiki links with fragments
 * (bug 684) Accept an attribute parameter array on parser hook tags
 * (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external LDAP authentication plugin
 * (bug 2034) Armor HTML attributes against template inclusion and links munging

Changes since 1.5alpha2

 * (bug 2319) Fix parse hook tag matching
 * (bug 2329) Fix title formatting in several special pages
 * (bug 2223) Add unique index on user_name field to prevent duplicate accounts
 * (bug 1976) fix shared user database with a table prefix set
 * (bug 2334) Accept null for attribs in wfElement without PHP warning
 * (bug 2309) Allow templates and template parameters in HTML attribute zone, with proper validation checks. (regression from fix for 2304)
 * Disallow close tags and enforce empty tags for and
 * Changed user_groups format quite a bit.
 * (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
 * (bug 2367) Insert correct redirect link record on page move
 * (bug 2372) Fix rendering of empty-title inline interwiki links
 * (bug 2384) Fix typo in regex for IP address checking
 * (bug 650) Prominently link MySQL 4.1 help page in installer if a possible version conflict is detected
 * (bug 2394) Undo incompatible breakage to compatiblity includes
 * (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1 when the default charset is set to utf8
 * (bug 2400) don't send confirmation mail on account creation if $wgEmailAuthentication is false.
 * (bug 2172) Fix problem with nowiki beeing replaced by marker strings when a template with a gallery was used.
 * Guard Special:Userrights against form submission forgery
 * (bug 2408) page_is_new was inverted (whoops!)
 * Added wfMsgHtml function for escaping messages and leaving params intact
 * Fix ordering of Special:Listusers; fix groups list so it shows all groups when searching for a specific group and can't be split across pages
 * (bug 1702) Display a handy upload link instead of a useless blank link for [[media:]] links to nonexistent files.
 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
 * (bug 1805) Initialise $wgContLang before $wgUser
 * (bug 2277) Added Friulian language file
 * (bug 2457) The "Special page" href now links to the current special page rather than to "".
 * (bug 1120) Updated the Czech translation
 * A new magic word,, returns $wgScriptPath
 * A new magic word,, returns $wgServerName
 * A new magic word,, returns the number of rows in the image table
 * Special:Imagelist displays titles with " " instead of "_"
 * Less gratuitous munging of content sample in delete summary
 * badaccess/badaccesstext to supercede sysop*, developer* messages
 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
 * 'developer' group deprecated by default
 * Special:Upload now uses 'upload' permission instead of hardcoding login check
 * Add 'importupload' permission to disable direct uploads to Special:Import
 * (bug 2459) Correct escaping in Special:Log prev/next links
 * (bug 2462 etc) Taking out the experimental dash conversion; it broke too many things for the current parser to handle cleanly
 * (bug 2467) Added a Turkish language file
 * Fixed a bug in Special:Contributions that caused the namespace selection to be forgotten between submits
 * Special:Watchlist/edit now has namespace subheadings
 * (bug 1714) the "Save page" button now has right margin to seperate it from "Show preview" and "Show changes"
 * Special:Statistics now supports action=raw, useful for bots designed to harwest e.g. article counts from multiple wikis.
 * The copyright confirmation box at Special:Upload is now turned off by default and can be turned back on by setting $wgCopyrightAffirmation to a true value.
 * Restored prior text for password reminder button and e-mail, replacing the factually inaccurate text that was there.
 * (bug 2178) Fix temp dir check again
 * (bug 2488) Format 'deletedtext' message as wikitext
 * (bug 750) Keep line endings consistent in LocalSettings.php
 * (bug 1577) Add 'printable version' tab in MonoBook for people who don't realize you can just hit print to get a nicely formatted printable page.
 * Trim whitespace from option values to weather line-ending corruption problems
 * Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA)
 * (bug 2504) Updated the Finnish translation
 * (bug 2506, 2512) Updated the Nynorsk translation
 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE documentation about edit and read whitelists.
 * (bug 2515) Fix incremental link table update
 * Removed some wikipedia-specifica from LanguageXx.php's
 * (bug 2496) Allow MediaWiki:edithelppage to point to external page
 * Added a versionRequired function to OutputPage, useful for extension writers that want to control what version of MediaWiki their extension can be used with.
 * Serialized user objects now checked for versioning
 * Fix for interwiki link regression
 * Printable link shorter in monobook
 * Experimental Latin-1-and-replication-friendly upgrader script
 * (bug 2520) Don't show enotif options when disabled

Changes since 1.5beta1

 * (bug 2531) Changed the interwiki name for sh (Serbocroatian) to Srpskohrvatski/Ð¡Ñ€Ð¿ÑÐºÐ¾Ñ…Ñ€Ð²Ð°Ñ‚ÑÐºÐ¸ (was Ð¡Ñ€Ð¿ÑÐºÐ¾Ñ…Ñ€Ð²Ð°Ñ‚ÑÐºÐ¸ (Srbskohrvatski))
 * Nonzero return code for command-line scripts on wfDebugDieBacktrace
 * Conversion fix for empty old table in upgrade1_5.php
 * Try reading revisions from master if no result on slave
 * (bug 2538) Suppress notice on user serialized checks
 * Fix paging on Special:Contributions
 * (bug 2541) Fix unprotect tab
 * (bug 1242) category list now show on edit page
 * Skip sidebar entries where link text is '-'
 * Convert non-UTF-8 URL parameters even if referer is local
 * (bug 2460) width & height properly filled when resizing image
 * (bug 2273) deletion log comment used user interface langage
 * Try reading revision _text_ from master if no result on slave
 * Use content-language message cache for raw view of message pages
 * (bug 2530) Not displaying talk pages on Special:Watchlist/edit
 * Fixed a bug that would occour if $wgCapitalLinks was set to false, a user agent could create a username that began with a lower case letter that was not in the ASCII character set ( now user $wgContLang->ucfirst instead of PHP ucfirst )
 * Moved the user name / password validity checking from LoginForm::addNewAccountInternal to two new functions, User::isValidUserName and User::isValidPassword, extensions can now do these checks without rewriting code.
 * Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-'
 * Fixed a bug where the watchlist count without talk pages would be off by a factor of two.
 * upgrade1_5.php uses insert ignore, allows to skip image info initialization
 * Fix namespaces in category list.
 * Add rebuildImages.php to update image metadata fields
 * Special:Ancientpages is expensive in new schema for now
 * (bug 2568) Fixed a logic error in the Special:Statistics code which caused the displayed percentage of admins to be totally off.
 * (bug 2560) Don't show blank width/height attributes for missing size
 * Don't show bogus messages about watchlist notifications when disabled
 * Don't show old debug messages in watchlist
 * (bug 2576) Fix recording of transclusion links
 * (bug 2577) Allow sysops to enter non-standard block times
 * Fixed a bug where Special:Contributions wouldn't remember the 'invert' status between next/previous buttons.
 * Move MonoBook printable link from tab to sidebar
 * (bug 2567) Fix HTML escaping on category titles in list
 * (bug 2562) Show rollback link for current revisions on diff pages
 * (bug 2583) Add --missinig option on rebuildImages.php to add db entries for uploaded files that don't have them
 * (bug 2572) Fix edit conflict handling
 * (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last page in the article history pager.
 * Don't show empty-page text in 'Show changes' on new page
 * (bug 2591) Check for end, fix limits on Whatlinkshere
 * (bug 2584) Fix output of subcategory list
 * (bug 2597) Don't crash when undeleting an image description page
 * (bug 2564) Don't show "editingold" warning for recent revision
 * Various code cleanup and HTML escaping fixlets
 * Copy IRC-over-UDP update option from REL1_4
 * (bug 2548) Keep summary on 'show changes' of section edit
 * Move center on toc to title part to avoid breaking .toc style usage
 * HTML sanitizer: correct multiple attributes by keeping last, not first
 * (bug 2614) Fix section edit links on diff-to-current with oldid set Also fix navigation links on current-with-oldid view.
 * (bug 2620) Return to prior behavior for some more things (such as subpage parent links) on current-diff view.
 * (bug 2618) Fix regression from another fix; show initial preview for categories only if the page does not exist.
 * (bug 2625) Keep group & user settings when paging in Listusers
 * (bug 2627) Fix regression: diff radio button initial selection
 * Copy fix for old search URLs with Lucene search plugin from REL1_4
 * (bug 619) Don't use incompatible diff3 executable on non-Linux systems.
 * (bug 2631) Fix Hebrew namespaces.
 * (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list

Caveats
Some output, particularly involving user-supplied inline HTML, may not produce 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType = "application/xhtml+xml"; to test for remaining problem cases, but this is not recommended on live sites. (This must be set for MathML to display properly in Mozilla.)

For notes on 1.4.x and older releases, see HISTORY.

Online documentation
Documentation for both end-users and site administrators is currently being built up on Meta-Wikipedia, and is covered under the GNU Free Documentation License:
 * meta:Help:Contents

Mailing list
A MediaWiki-l mailing list has been set up distinct from the Wikipedia wikitech-l list:
 * mediawiki-l

A low-traffic announcements-only list is also available:
 * mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.

IRC help
There's usually someone online in #mediawiki on irc.freenode.net