MediaWiki 1.28/wmf.16/Changelog

Core changes

 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - ApiUpload: Better handle unreasonably large metadata in 'imageinfo'
 * - Updated git submodules
 * - Updated git submodules
 * - Add urls from various adware to the CSP false positive list
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - mw.htmlform: Don't refer to OO.ui if it might not be loaded
 * - Updated git submodules
 * - Fix AuthManagerSpecialPage submit button logic
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - Updated git submodules
 * - mw.widgets.CategoryCapsuleItemWidget: Debug logging for "queue[title] is undefined"
 * - OutputPage.php: Reuse existing variable $user
 * - objectcache: Add missing @covers to unit tests
 * - Code cleanups to SqlBagOStuff
 * - Release notes for all the previous security patches
 * - Move EnqueueableDataUpdate to a separate file
 * - Remove redundant isLoggedIn call
 * - SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights
 * - SECURITY: XSS in unclosed internal links
 * - SECURITY: Escape '<' and ']]>' in inline blocks
 * - resourceloader: Move batch fetch logic out of mw.loader.work
 * - SECURITY: Require login to preview user CSS pages
 * - Various database class cleanups
 * - SECURITY: Do not allow undeleting a revdel'd file if its top file
 * - SECURITY: Make $wgBlockDisablesLogin also restrict logged in permissions
 * - Remove direct rollback calls from some places
 * - SECURITY: Make blocks log users out if $wgBlockDisablesLogin
 * - SECURITY: Check read permission when loading page content in ApiParse.
 * - Move invalidatePages to new PurgeJobUtils class
 * - Run LinksDeletionUpdate after commit in namespaceDupes.php
 * - Deprecated jQuery method .size replaced with property .length
 * - ApiUpload: Fix fatal in dieStatusWithCode
 * - Special:UserLogin: Don't show login button when not required
 * - API: Don't require 'users' parameter to contain all valid usernames
 * - HTMLForm: Refactor loading of modules required to infuse fields
 * - Unset weird ancient WMF-specific shared upload settings
 * - Pingback: Tweak docs a tiny bit to point to mw.org better
 * - SpecialExport: Add 'hide-if' to form definition
 * - Support 'hide-if' parameters in OOUI HTMLForm
 * - jquery.makeCollapsible: Support for .mw-collapsible-toggle inside 
 * - Add `.mw-ui-icon-small` to icon classes
 * - Use newer transaction methods in BatchRowWriter
 * - MWTimestamp: Allow providing a DateTime object directly
 * - Fix IDEA warning in VirtualRESTServiceClient
 * - Remove commit hack from User::addToDatabase
 * - debug: Don't separately calculate query runtime
 * - debug: Remove unused 'jquery.tipsy' dependency
 * - Give all idle transaction callbacks a chance to run
 * - Fix repo url in docs/database.txt
 * - Split DBLockManager classes into their own files
 * - mw.widgets.DateInputWidget: Fix label dimensions for Apex theme skins
 * - Detect when callers catch DB errors and fail to rollback
 * - Avoid INSERT..SELECT in MovePage
 * - Extract ParserOutput search index data fields from WikiTextContentHandler
 * - Send registration welcome email post-commit
 * - Clarify some WANObjectCache docs
 * - OutputPage: Make ResourceLoader position exemption more generic
 * - Check for warnings for assembled file after a chunked upload
 * - Do not automatically infuse any OOjs UI widgets
 * - Split the 'mediawiki.htmlform' module code into multiple files
 * - UploadBase: Stop mLocalFile doubling as stashed file
 * - ResourceLoaderImage: Use hashes for versioning instead of timestamps
 * - objectcache: add mcrouter support to WANObjectCache
 * - Issue 301 redirects for Special:Search/searchterm
 * - API: Insist authn parameters be in the POST body
 * - Send new account and password reset emails post-commit
 * - Allow requiring cache size for page props
 * - AuthManager: Allow for flagging fields as "sensitive"
 * - Revert "AuthManager: Commit transaction after auto-creating a user"
 * - Revert "Work around T87871 to avoid double-loading OOjs UI PHP styles"
 * - ResourceLoaderImageModule: Mark as style-only
 * - Allow marking legacy ContentHandler hooks as deprecated
 * - Remove useless check for MEDIAWIKI definition
 * - Add sanity check to getScopedLockAndFlush for pending writes
 * - getScopedLockAndFlush should not commit when exceptions are thrown
 * - installer: Update assets README to mention public-domain.png.
 * - Make doAtomicSection return the callback result
 * - resourceloader: Move mw.loader qunit tests to a separate file
 * - Remove pointless override of doStashFile in UploadFromStash
 * - Fix text extraction where we don't have proper file handler
 * - resourceloader: Add structure unit test to confirm messages exist
 * - objectcache: Optimize changeTTL for SqlBagOStuff
 * - ObjectFactoryTest: Add tests for 'factory' option
 * - phpunit: Add @covers to ObjectFactoryTest
 * - Run 'UploadStashFile' hook for chunked uploads too
 * - EditPage: Fix display of errors with multiple messages
 * - AuthManager: do not rewrite PRIMARY_REQUIRED to REQUIRED
 * - Let cleanupCaps.php clean up when $wgCapitalLinks is set to true
 * - ApiBase::getModuleSourceInfo: Use $wgExtensionDirectory
 * - Document that wfParseUrl can also return false
 * - installer: Remove "public domain" option in favor of CC-0
 * - ParserTest: Remove warning about gd extension not being installed
 * - StubObject: Allow using a factory function to construct the object
 * - Make transaction enforcement stricter
 * - Log failure reasons in ApiLogin
 * - Do not call the 'UploadStashFile' hook for partially uploaded files
 * - OutputPage: Apply target and origin filter to exempt modules
 * - Note that you shouldn't use a custom $salt for 'edit' or 'csrf'
 * - Add convenience commitAndWaitForReplication method
 * - Update OOjs UI to v0.17.8
 * - SkinTemplate: Move bottomScripts back sightly
 * - Actually enable the DBPerformance log in the API
 * - Database transaction flushing cleanups
 * - Sqlite: DBError expects a database object as its first parameter
 * - Browser tests: update to mw-selenium 1.7.2 and https
 * - Type hint array for HTMLFormFieldCloner::getInputHTMLForKey
 * - Replace blunt uses of resetExpectations with setSilenced for TransactionProfiler
 * - Always set DBO_DEFAULT by default for LBFactory classes for consistency
 * - Don't use SearchEngineConfig::searchableNamespaces in User::getDefaultOptions.
 * - MovePage: Fix old, old bug with moving over redirects
 * - Hide marked empty elements by default (stage 2)
 * - API: Force indexes for prop=linkshere|transcludedin|fileusage

Vendor

 * - Update OOjs UI to v0.17.8

AbuseFilter

 * - Fix User::isAllowedAny calls
 * - Add test coverage for more bizzare features of the filter parser
 * - Let abusefilter-modify users see history of hidden filters

BetaFeatures

 * - Kill the popup

CentralAuth

 * - Remove verbose cache miss log that was making notices
 * - Use isset for cache version check
 * - Change "editcount" to "edit count" in `i18n/en.json`
 * - Fix premature transactions commit problems
 * - Make sure status updates in jobs commit/rollback all DBs together
 * - Remove no-longer used GlobalCssJs hook
 * - Rename 'authmanager' log channel to 'authevents'

CirrusSearch

 * - Revert "Do not use the suggest reverse field if it's a non local search"
 * - Do not use the suggest reverse field if it's a non local search
 * - Initialize the UserTesting framework before creating a Connection
 * - Fallback to QueryString if we detect acronyms
 * - Temporarilly redirect RedirectsAndIncomingLinks job to a single db
 * - Suggest database to use pl_namespace index for link counting
 * - Use the UserTesting framework in maint scripts
 * - Fix a typo in BC code that handles toId => toPageId
 * - fromId was renamed to fromPageId
 * - Allow boost templates configuration with config vars
 * - Add an option to simulate backend latency
 * - Use top_terms_blended_freqs with FullTextSimpleMatchQueryBuilder
 * - Convert to short array syntax
 * - Centralize document id generation
 * - Disable recalcitrant relevancy test
 * - Simplify incoming_links counting from es query to mysql
 * - Auto-populate the wiki field when reindexing
 * - Adjust brower test settings and add tie_breaker support.
 * - Remove unused methods from Util
 * - Add profiles for relforge and enwiki
 * - Implement a new fulltext query builder

CodeEditor

 * - Update some packages

Collection

 * - Track the display of render pages

ConfirmEdit

 * - Fix mime type of ReCaptchaNoCaptcha
 * - Use string for Hooks in extension.json, instead of arrays
 * - Use TitleReadWhitelist for automatic whitelist

ContentTranslation

 * - Earlier evaluation of suggestions in the sidebar
 * - Copy from DOM instead of using vector-view-edit and vector-action-move
 * - Avoid deadlock patterns in cx_corpora updates

DonationInterface

 * - modules: Remove use of deprecated getModifiedTime
 * - Use IDENTIFIER constants instead of strings
 * - Prevent multiple Ingenico iFrames
 * - Log and send pending message for all redirects
 * - Paypal: set order ID = ct_id, email is an optional key

Echo

 * - Follow-up 8eda2aa3f: actually render the nojs message on Special:Notifications
 * - Fix special page visit logging
 * - Moderate notifications
 * - Log potential notification for mentions on changes
 * - Make dotdotdot menu not be extremely wide
 * - Move the badges down a bit in Monobook
 * - Always use php based diff in EchoDiscussionParserTest
 * - Make server-side logging always check whether schema is enabled
 * - Mobile action menu should stick to bottom of screen
 * - Log edits in multiple sections that could trigger mentions.
 * - Revert "Dim the title of current wiki if it has 0 notifications"
 * - Make Monobook use the same badge color scheme as Vector
 * - Include the 'no notifications' message in nojs div
 * - Make excerpts in bundles not italic, but still grey
 * - Add a rasterized email icons to Echo modules for email
 * - Tweak badge styles
 * - DiscussionParser stripSig from mention content
 * - Add bold names for mentions status notifications

EventBus

 * - I don't want this to be deployed during this weeks deployment train! Reverting until next week.
 * - Create new events matching new schemas in https://gerrit.wikimedia.org/r/#/c/301284/

EventLogging

 * - tests: Fix invalid @covers tag for testModuleVersion

FlaggedRevs

 * - Clean up transaction method calls in updateQueryCache

Flow

 * - Locate events using EventMapper instead of TargetPageMapper
 * - Fix parameter for convertNamespaceFromWikitext.php
 * - Use LIBXML_PARSEHUGE for deep XML documents

GeoData

 * - Implement new search hooks from core
 * - Use strict comparisons in equalsTo and fullyEqualsTo
 * - Use setMwGlobals to preserve global state
 * - Switch to automatic unit test registration

GlobalBlocking

 * - Add 'modify' parameter to globalblock api

Graph

 * - Fix CodeEditor usage in GraphSandbox

GuidedTour

 * - Fix typo from 062eca7
 * - Only register VE tour if VE is installed

Kartographer

 * - Frame and caption with existing .thumb/.thumbinner CSS
 * - Round coordinates based on zoom level
 * - Remove unused messages
 * - Fix mapframe not displaying properly when placed
 * - Fix maplink not reading zoom/lat/lon when no POIs

MassMessage

 * - Don't override ContentHandler::unserializeContent
 * - Remove 'UnitTestList' hook
 * - Update bootstrapping of $wgConf in unit tests

Math

 * - Improve error reporting

MobileFrontend

 * - build: Pass --path vendor/bundle to bundle install
 * - Cleanup FIXMES
 * - Promote contributions button to stable menu
 * - Fix InfiniteScroll to unbind scroll events when disabled
 * - Combine resize handlers into the global one
 * - Combine scroll handlers into the global one

MultimediaViewer

 * - Update beta test URL to use HTTPS

OAuth

 * - Only set $wgOAuthSecretKey if unset

ORES

 * - Improvements to purging cache:
 * - Fix for purging scores
 * - Fix CheckModelVersions by changing order of actions

PdfHandler

 * - SECURITY: Add -dSAFER to ghostscript as a hardening measure

Popups

 * - Remove jQuery.jStorage shim

ProofreadPage

 * - Fix ProofreadPage::updatePrIndex signature
 * - Fix hooks signatures
 * - Document what are ARK and NAAN
 * - Remove backwards compatibility code
 * - Optimize imports
 * - Improve ProofreadPage method signatures
 * - Throw MWException on fatal error
 * - Clean up code: SpecialProofreadIndexOai::listMetadataFormats
 * - Clean up code: get rid of $a and $x in ProofreadPage
 * - Use camel case in methods
 * - Explicitely declare method visibility
 * - Ensure EOL at EOF
 * - Fix unknown constant AS_HOOK_ERROR issue in ProofreadPage

RevisionSlider

 * - Rephrase the label of the slider visibility toggle button
 * - Remove transition on revision wrapper hover.
 * - Highlight revision bar when hovering revision wrapper.
 * - Remove 1px height from pointer container.
 * - Expand draggable/clickable pointer area.
 * - Add type hints to getBetaFeaturePreferences
 * - Remove unused message.
 * - Reload side panel when loading a new diff.
 * - Expand slider if there are space for more revision at the beginning
 * - Reload the page menu when loading a new revision.
 * - Resize revision slider when resizing the browser window.
 * - Use moment.js's localized date and time format

Scribunto

 * - Add mw.hash to Scribunto

SecurePoll

 * - Make SecurePoll_VoterEligibilityPage more atomic and avoid single DB commits
 * - First letter of the string should be fetched using ms_substr and not using square brackets; the latter is not multibyte compliant.
 * - Clean up SecurePoll_CreatePage transactions
 * - Clean up and simplify SecurePoll_PopulateVoterListJob transaction logic
 * - Remove extra tag from the output of the tallier

SemanticForms

 * - Fix for "page name" setting in "default filename"
 * - Fix for image preview - fix of f835de3d3fa1
 * - Autocompletion fixes for PostgreSQL

SpamBlacklist

 * - Add 'message' property to API output
 * - Set $wgBlacklistSettings in extension.json

TemplateData

 * - Fix renaming of parameters to another existing name
 * - Fix renaming of parameters to the same name
 * - Warn editors when they're adding blank TemplateData

TextExtracts

 * - ExtractFormatter should not test the Parser

Translate

 * - Fix more PHP notices in Special:ExportTranslations redirects
 * - Use TitleGetEditNotices hook for showing edit notice instead of AlternateEdit
 * - Unbreak tux=0 form submission
 * - Avoid fatal errors in TranslationsUpdateJob
 * - Guard against null $title in TranslateHooks::onAbuseFilterFilterAction
 * - characterEditStats.php: simplify and support date ranges past $wgRCMaxAge
 * - Avoid using RequestContext::getMain in ArticleViewHeader hook
 * - TranslateSandbox: also delete log entries for deleted users.

UniversalLanguageSelector

 * - ext.uls.compactlinks: consistently normalize language codes
 * - Apply toLowerCase when reading featured articles
 * - Earlier evaluation of compactlinks
 * - Do not load schema.UniversalLanguageSelector explicitly
 * - Enable UniversalLanguageSelector modules for mobile
 * - Remove jquery.tipsy from UniversalLanguageSelector

UploadWizard

 * - More debug logging for Firefox's 'NS_ERROR_NOT_AVAILABLE' exceptions
 * - mw.UploadWizardUpload: Don't try to get API thumbnails for error uploads
 * - mw.FormDataTransport: Handle hopeless cases
 * - mw.FormDataTransport: Unbreak error handling for async uploads
 * - mw.FormDataTransport: Don't set filekey with offset=0 when retrying
 * - Localize SpamBlacklist errors & make then recoverable

UserMerge

 * - Switch to using atomic sections and commitMasterChanges
 * - Avoid unit test failures in deduplicateWatchlistEntries

VipsScaler

 * - Fix localisation messages in extension registration
 * - Remove error message displayed by Special:VipsTest when no file is given

VisualEditor

 * - Restore parent method call in ce.MWHeadingNode#onUpdate
 * - Update VE core submodule to master (01e1b22)
 * - init: port in isUnModifiedLeftClick without any VE core dependencies
 * - Fix language screenshots timeout error
 * - Remove Ruby implementation of language screenshots
 * - Defer preferences update and avoid CAS errors in onUserLoggedIn
 * - Fix insertion of templates, media, and various other things into wikitext surface
 * - Don't show unsaved-changes warning if user has already saved in wikitext dialog
 * - i18n: Reduce 'visualeditor-beta-warning' to just an invite to report issues
 * - Fix name of mweditmodeve-tool message

WikimediaEvents

 * - Turn on CirrusSearch bm25 A/B test

WikimediaMessages

 * - Fix incorrect directory for i18n messages