Notes de mise à jour/1.24

Jump to navigation Jump to search
This page is a translated version of the page Release notes/1.24 and the translation is 98% complete.
Outdated translations are marked like this.

Notes de mise à jour de MediaWiki

Rappel de sécurité : Si vous avez l'option PHP register_globals active, vous devez la désactiver. MediaWiki ne fonctionnera plus si l'option est activée.

MediaWiki 1.24.6

Il s'agit d'une mise à jour sécurité et maintenance de la branche MediaWiki 1.24.

Changements depuis la version 1.24.5

  • (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.

MediaWiki 1.24.5

Il s'agit d'une mise à jour sécurité et maintenance de la branche MediaWiki 1.24.

Changements depuis la version 1.24.4

  • (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error.
  • (T119309) SECURITY: Use hash_compare() for edit token comparison
  • (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads
  • (T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength
  • (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued
  • (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
  • (T103237) $wgUseGzip had no effect when using file cache.

MediaWiki 1.24.4

Il s'agit d'une mise à jour sécurité et maintenance de la branche MediaWiki 1.24.

Changements depuis la version 1.24.3

  • (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
  • (T68650) Fix indexing of moved pages with PostgreSQL. Requires running update.php to fix.
  • (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
  • (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
  • (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the first
  • (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails

MediaWiki 1.24.3

Publication de sécurité et de maintenance de la branche 1.24.

Changements depuis la version 1.24.2 (en anglais)

  • (T94116) SECURITY: Compare API watchlist token in constant time
  • (T97391) SECURITY: Escape error message strings in thumb.php
  • (T106893) SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions
  • Update jQuery from v1.11.2 to v1.11.3.
  • (T102562) Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia Commons.

MediaWiki 1.24.2

Il s'agit d'une mise à jour sécurité et maintenance de la branche MediaWiki 1.24.

Changements depuis la version 1.24.1 (en anglais)

  • (bogue T85848, bogue T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
  • (bogue T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
  • (bogue T88310) SECURITY: Always expand xml entities when checking SVG's.
  • (bogue T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
  • (bogue T85855) SECURITY: Don't execute another user's CSS or JS on preview.
  • (bogue T64685) SECURITY: Allow setting maximal password length to prevent DoS when using PBKDF2.
  • (bogue T85349, bogue T85850, bogue T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
  • Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix loading these special pages when $wgAutoloadAttemptLowercase is false.
  • (bogue T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
  • (bogue T76254) Fix deleting of pages with PostgreSQL. Requires a schema change and running update.php to fix.

MediaWiki 1.24.1

Il s'agit d'une mise à jour sécurité et maintenance de la branche MediaWiki 1.24.

Changements depuis la version 1.24.0 (en anglais)

  • (bogue T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
  • (bogue T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
  • (bogue T74222) The original patch for T74222 was reverted as unnecessary.
  • Fixed a couple of entries in RELEASE-NOTES-1.24.
  • (bogue T76168) OutputPage: Add accessors for some protected properties.
  • (bogue T74834) Make 1.24 branch directly installable under PostgreSQL.

MediaWiki 1.24

MediaWiki 1.24.0 est la branche stable et est recommandé pour une utilisation en production.

MediaWiki 1.24 est une mise à jour majeure qui contient de nouvelles fonctionnalités ainsi que des corrections de bogues. Voici une liste exhaustive des changements liés à cette version (en anglais).

Nos remerciements à tous ceux qui nous ont aidé à améliorer MediaWiki en effectuant des batteries de tests sur la version bêta et qui nous ont soumis les rapports de bogues.

Changements de configuration

  • MediaWiki will no longer run if register_globals is enabled. It has been deprecated for 5 years now, and was removed in PHP 5.4. For more information about why, see <>.
  • MediaWiki now requires PHP's iconv extension. openSUSE users may need to install the php5-iconv package. Users of other systems may need to add to php.ini or recompile PHP without --without-iconv.
  • MediaWiki will no longer function if magic quotes are enabled. It has been deprecated for 5 years now, and was removed in PHP 5.4.
  • The server's canonical hostname is available as $wgServerName , which is exposed in both mw.config and ApiQuerySiteInfo.
  • Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch, for using the old schema of the page_props table, in case the respective schema update was not applied.
  • $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything' user option was removed. Use $wgNamespacesToBeSearchedDefault instead or if you used to have $wgDefaultUserOptions ['searcheverything'] = 1.
  • $wgMasterWaitTimeout has been deprecated.
  • $wgDBClusterTimeout has been removed.
  • $wgProxyKey has been removed. It is no longer used by MediaWiki core. Ensure $wgSecretKey is set in LocalSettings.php.
  • $wgExtraInterlanguageLinkPrefixes is a new configuration variable that contains an array of interwiki prefixes that should be treated as language prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set to true).
  • $wgParserTestRemote has been removed.
  • $wgCountTotalSearchHits has been removed. If you're concerned about efficiency of search, you should use something like CirrusSearch instead of built in search.
  • Users in the 'sysop' group have access to Special:MergeHistory by default.
  • $wgFileStore was removed after having been deprecated in 1.17. Alternative configurations are $wgDeletedDirectory and $wgHashedUploadDirectory .
  • The deprecated $wgUseCommaCount variable has been removed.
  • $wgEnableSorbs and $wgSorbsUrl have been removed.
  • The UserCryptPassword and UserComparePasswords hooks are no longer called. Any extensions using them must be updated to use the Password Hashing API.
  • $wgCompiledFiles has been removed.
  • $wgSortSpecialPages was removed, the listing on Special:SpecialPages is now always sorted.
  • $wgHTCPMulticastAddress , $wgHTCPMulticastRouting and $wgHTCPPort were removed.
  • $wgRC2UDPAddress , $wgRC2UDPInterwikiPrefix , $wgRC2UDPOmitBots , $wgRC2UDPPort and $wgRC2UDPPrefix have been removed.
  • The default password type for MediaWiki has been changed from MD5 to PBKDF2. Password hashes will automatically be updated as users log in. If necessary, the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition, there is a maintenance script wrapOldPasswords.php that can wrap all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your users to log in.
  • $wgImportSources can now either be a regular array, or an associative map specifying subprojects on the interwiki map of the target wiki, or a mix of the two. Existing configurations will still work.
  • Users must be able to edit through a page's protection to be able to delete it.
  • The default thumb size ($wgDefaultUserOptions ['thumbsize']) is now 300px, up from 180px. If you have altered the number of entries in $wgThumbLimits for your wiki, you may need to adjust your default user settings to compensate for the index change.
  • $wgDeferredUpdateList is now deprecated, you should use DeferredUpdates::addUpdate() instead.
  • $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we will not send a rel=canonical pointing to a variant-neutral page, however we will send rel=alternate.

Nouvelles fonctionnalités

  • Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to manipulate the list of pages and/or preload lots of data at once.
  • Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the link to the title to be changed.
  • Added a new hook, "WhatLinksHereProps", to allow extensions to annotate WhatLinksHere entries.
  • Added a new hook, "ContentGetParserOutput", to customize parser output for a given content object.
  • Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
  • HTMLForm's HTMLTextField now supports the 'url' type.
  • HTMLForm fields may now be dynamically hidden based on the values of other fields in the form.
  • HTMLForm now supports multiple copies of an input field or set of input fields, e.g. the form may request "one or more usernames" without having to have the user enter delimited list of names into a text field.
  • Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of the sidebar just before its display.
  • (bogue 49156) Added the mediawiki.cookie ResourceLoader module, which wraps jquery.cookie so that getting/setting a cookie is syntactically and functionally similar to using the WebRequest::getCookie() and WebResponse::setcookie() methods.
  • (bogue 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option, $wgIncludejQueryMigrate , also loads the jQuery Migrate hack to let extensions and gadgets use the long-deprecated functions that were removed in jQuery 1.9. This option is turned off by default, and will be removed in MediaWiki 1.25.
  • (bogue 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
  • Changes to content typography (fonts, etc.). See for further information.
  • WikitextContent will now render redirects with the expected "redirect" header, rather than as an ordered list. Code calling Article::viewRedirect can probably be changed to no longer special-case redirects.
  • Header font set to a serif font stack. See for further information.
  • (bogue 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This is only for page views, since this hook doesn't affect UserLogin, OAuth, CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to overall design of the system.
  • (bogue 17367) It is now possible to add pages to your watchlist from Special:UnwatchedPages without reloading the special page.
  • New methods setVolatile and isVolatile are added to PPFrame, so that extensions such as Cite.php can mark that their output is volatile and shouldn't be cached.
  • (bogue 52817) Advanced search options are now saved on the search page itself, rather than in a dedicated pane in the preferences panel.
  • (bogue 44591) The dropdown actions menu (little triangle next to page tabs) in the Vector skin has gained a label that should make it more discoverable.
  • MWCryptHKDF added for fast, cryptographically secure random number generation that won't deplete openssl's entropy pool.
  • ResourceLoader: File modules can now provide a skip function that uses an inline feature test to bypass loading of the module.
  • (bogue 20210) Special pages may now provide autocompletion of their subpage names in search suggestions. Right now the only useful implementation is in Special:Log, but more are to come.
  • Special:MostLinkedTemplates is no longer limited to transclusions from the Template namespace.
  • Skins can now use 'remoteSkinPath' when defining ResourceLoader modules. This works the same as 'remoteExtPath' but is relative to the skins/ folder instead of the extensions/ folder.
  • Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods. Exposed as module "json" with a skip function to optimise loading.
  • Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition to 'name', to allow for the name to be localizable. 'name' should still be specified for backwards-compatibility and to define the path Special:Version uses to find extension license information.
  • Browser tests are now included to verify basic wiki functionality in developer environments. For details on running tests, see tests/browser/README.mediawiki.
  • Upgrade jStorage to v0.4.10.
  • {{!}} is now a magic word that produces the | character. This removes the need for Template:! for purposes such as passing pipes inside of parameters.
  • (bogue 20790) The block log snippet on Special:Contributions and while editing user and user talk pages now works for IP range blocks.
  • (bug 9360) Added ability to change the page language for MediaWiki pages using Special:PageLanguage. All pages are set to wiki language by default. The feature needs to be enabled with $wgPageLanguageUseDB =true and permission needs to be set for 'pagelang'.
  • Upgrade Moment.js to v2.8.3.
  • (bogue 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
  • Upgrade Sinon.JS to 1.10.3.
  • Added the es5-shim polyfill for older or non-compliant javascript engines.
  • Upgrade jQuery Cookie to v1.3.1.
  • (bogue 20476) Add a "viewsuppressed" user right to be able to view suppressed content but not suppress it ("suppressrevision" right).
  • (bogue 66440) The MediaWiki web installer will now allow you to choose the skins to enable (from the ones included in download tarball) and decide which one should be the default.
  • (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]], where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a similar way, links like [[localInterwikiPrefix:File:Image.png]] and [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and will not include the file or add the page to the category.
  • New special page, MyLanguages, to redirect users to subpages with localised versions of a page. (Integrated from Extension:Translate)
  • MediaWiki now supports multiple password types, including bcrypt and PBKDF2. The default type can be changed with $wgPasswordDefault and the type configurations can be changed with $wgPasswordConfig .
  • Skins can now define custom styles for default ResourceLoader modules using the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
  • (bogue 4488) There is now a preference to watch pages where the user has rollbacked an edit by default.
  • (bogue 15484) Users will now be redirected to the login page when they need to log in, rather than being shown a page asking them to log in and having to click another link to actually get to the login page.
  • A JsonContent and JsonContentHandler were added for extensions to extend.
  • (bogue 35045) Redirects to sections will now update the URL in browser's address bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]], the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
  • API token handling has been rewritten. Any API module using tokens will need to be updated. See the entry below under "Action API internal changes".
  • Added HTMLAutoCompleteSelectField.
  • Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to link existence cache before the page is rendered.
  • Config::set() was moved to its own interface, MutableConfig. GlobalVarConfig::set() is now deprecated, does not implement MutableConfig.
  • A MutableConfig named HashConfig was added, that stores an array of configuration settings.
  • (bogue 69418) A MultiConfig implementation was added that supports fallback to multiple Config instances.

Corrections de bugs

  • (bogue 50572) MediaWiki:Blockip should support gender
  • (bogue 49116) Footer copyright notice is now always displayed in user language rather than content language (same as copyright notice for editing interface).
  • (bogue 62258) A bug was fixed in File::getUnscaledThumb when a height restriction was present in the parameters. Images with both the "frame" option and a size specification set will now always ignore the provided size and display an unscaled image, as the documentation has always claimed it would.
  • (bogue 39035) Improved Vector skin performance by removing collapsibleNav, which used to collapse some sidebar elements by default. This removes -list id suffixes like p-lang-list: instead of using things like #p-lang-list, you can do #p-lang .body ul.
  • (bogue 890) Links in Special:RecentChanges and Special:Watchlist no longer follow redirects to their target pages.
  • Parser now dies early if called recursively, instead of producing subtle bugs.
  • (bogue 14323) Redirect pages, when viewed with redirect=no, no longer hide the remaining page content.
  • (bogue 52587) Maintenance script deleteBatch.php no longer follows redirects in the file namespace and delete the file on the target page. It will still however delete the redirect page.
  • (bogue 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly recover the original code of extension tags.
  • (bogue 65757) MSSQL: Update script drops unnamed constraints to be prepared for future updates. Because it's doing so heuristically, it may fail or drop wrong constraints.
  • (bogue 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
  • $wgRunJobsAsync now works with private wikis (e.g. read requires login).
  • (bugs 57238, 65206) Blank pages can now be directly created.
  • (bogue 69789) Title::getContentModel() now loads from the database when necessary instead of incorrectly returning the default content model.
  • (bogue 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
  • (bogue 57909) URLs in the externallinks table will no longer have certain characters decoded in the query string.
  • (bogue 67368) LESS mixins like .background-image() correctly flip image references for RTL stylesheets now.
  • (bogue 66776, bogue 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy .
  • (bogue 70901) SECURITY: User Jackmcbarn reported that the ability to update the content model for a page could allow an unprivileged attacker to edit another user's common.js under certain circumstances. The user right "editcontentmodel" was added, and is needed to change a revision's content model.
  • (bogue 71111) SECURITY: User PleaseStand reported that on wikis that allow raw HTML, it is not safe to preview wikitext coming from an untrusted source such as a cross-site request. Thus add an edit token to the form, and when raw HTML is allowed, ensure the token is provided before showing the preview. This check is not performed on wikis that both allow raw HTML and anonymous editing, since there are easier ways to exploit that scenario.
  • (bogue 74222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
  • (bogue 71621) Make allowing site-wide styles on restricted special pages a config option.
  • (bogue 42723) Added updated version history from 1.19.2 to 1.22.13
  • $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that might be a flash policy directive configurable.

Changements de l’API action

  • action=parse API now supports prop=modules, which provides the list of ResourceLoader modules that should be used to enhance the parsed content.
  • action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel" field which is true if protocol-relative urls can be used to access a particular interwiki map entry.
  • list=logevents now provides logpage, which is the page ID from the logging table, if ids are requested and the user has the permissions.
  • action=edit now requires that appendtext, prependtext, or section=new be used when using the 'redirect' parameter, to prevent clients accidentally overwriting the target page with the content of the redirect.
  • list=logevents will now return an error if both letitle and leprefix are specified.
  • list=logevents has a new parameter, lenamespace, to allow filtering by namespace.
  • action=expandtemplates has a new parameter, prop, and a new output format. The old format is still used if prop isn't provided, but this is deprecated.
  • meta=userinfo can now return the count of unread pages on the watchlist.
  • list=watchlist can now filter by unread status.
  • The deprecated action=parse&prop=languageshtml has been removed.
  • (bogue 48071) action=setnotificationtimestamp no longer throws PHP or database errors when no pages are given.
  • (bogue 60734) Actions that use ApiPageSet (e.g. purge, watch, setnotificationtimestamp) will now include continuation information when using a generator.
  • Removed 'props' and 'errors' from action=paraminfo, as they have extremely limited use and are generally inaccurate, unmaintained, and impossible to properly maintain.
  • Formats dbg, dump, txt, wddx, and yaml are now deprecated.
  • action=paraminfo now indicates when a parameter is specifying a submodule.
  • The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for parallelism with prop=langlinks.
  • All tokens should be fetched from action=query&meta=tokens; all other methods of fetching tokens are deprecated. The value needed for meta=tokens's 'type' parameter for each module is documented in the action=help output and is returned from action=paraminfo.
  • New action ClearHasMsg that can be used to clear HasMsg flag.
  • The cmstartsortkey and cmendsortkey parameters to list=categorymembers are deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
  • (bogue 63326) Add blockedtimestamp field to output of blockinfo property for the list=allusers and list=users modules.
  • prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
  • Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin but can work on a list of titles (including titles from a generator).
  • prop=redirects can now filter returned redirects by namespace.

Changements internes de l’API action

  • Methods for handling continuation are added to ApiResult, so actions other than query that use generators can easily support continuation.
  • $wgAPIModules (and the related $wgAPIFormatModules , $wgAPIMetaModules , $wgAPIPropModules , and $wgAPIListModules settings) now allow API modules to be specified using a "module spec" array instead of a plain class name. A "module spec" is an associative array containing at least the 'class' key for the module's class, and optionally a 'factory' key for the factory function to use for the module. This is intended for extensions that want control over the instantiation of their API modules, to allow for proper dependency injection.
  • A new param type 'submodule' is available. Parameters of this type will take the list of valid values from the module's ApiModuleManager for the group corresponding to the parameter name.
  • The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer used.
  • API token handling has been rewritten. Any API module using tokens will need to be updated:
    • ApiBase::needsToken now returns a token type instead of boolean true when a token is needed. Returning true will throw an exception. See documentation of that method for details.
    • Information for the 'token' parameter is automatically set by ApiBase getFinalParams and getFinalParamDescription.
    • ApiBase::getTokenSalt has been removed.
    • The hooks APIQueryInfoTokens, APIQueryRevisionsTokens, APIQueryRecentChangesTokens, APIQueryUsersTokens, and ApiTokensGetTokenTypes are deprecated, but are still called to support backwards-compatible token access.
  • ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
  • ApiQueryRedirects was removed; prop=redirects is now implemented by ApiQueryBacklinksProp along with the newly-added prop modules.
  • The following methods have been deprecated and may be removed in a future release:
    • ApiBase::getResultProperties
    • ApiBase::getFinalResultProperties
    • ApiBase::addTokenProperties
    • ApiBase::getRequireOnlyOneParameterErrorMessages
    • ApiBase::getRequireMaxOneParameterErrorMessages
    • ApiBase::getRequireAtLeastOneParameterErrorMessages
    • ApiBase::getTitleOrPageIdErrorMessage
    • ApiBase::getPossibleErrors
    • ApiBase::getFinalPossibleErrors
    • ApiBase::parseErrors
    • ApiQuery::setGeneratorContinue
    • ApiQueryBase::checkRowCount
    • ApiQueryBase::titleToKey
    • ApiQueryBase::keyToTitle
    • ApiQueryBase::keyPartToTitle
    • ApiQueryInfo::getTokenFunctions
    • ApiQueryInfo::resetTokenCache
    • ApiQueryInfo::getEditToken
    • ApiQueryInfo::getDeleteToken
    • ApiQueryInfo::getProtectToken
    • ApiQueryInfo::getMoveToken
    • ApiQueryInfo::getBlockToken
    • ApiQueryInfo::getUnblockToken
    • ApiQueryInfo::getEmailToken
    • ApiQueryInfo::getImportToken
    • ApiQueryInfo::getWatchToken
    • ApiQueryInfo::getOptionsToken
    • ApiQueryRecentChanges::getTokenFunctions
    • ApiQueryRecentChanges::getPatrolToken
    • ApiQueryRevisions::getTokenFunctions
    • ApiQueryRevisions::getRollbackToken
    • ApiQueryUsers::getTokenFunctions
    • ApiQueryUsers::getUserrightsToken
  • The following classes have been deprecated and may be removed in a future release:
    • ApiFormatDbg
    • ApiFormatDump
    • ApiFormatTxt
    • ApiFormatWddx
    • ApiFormatYaml
    • ApiTokens

Langues mises à jour

MediaWiki supporte plus de 350 langues. Beaucoup de localisations sont mises à jour régulièrement. Ci-dessous sont listés les langues nouvelles ainsi que celles qui sont enlevées, de même que les modifications de langue liées aux rapports Bugzilla.

Autres modifications

  • The deprecated jquery.delayedBind ResourceLoader module was removed.
  • The deprecated function mw.util.toggleToc was removed.
  • The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend were removed as they were unused.
  • (bogue 65477) User::pingLimiter() now has an additional profile point varying by action being used.
  • mediawiki.util.$content no longer supports old versions of the Vector, MonoBook, Modern and CologneBlue skins that don't yet implement the "mw-body" and/or "mw-body-primary" class name in their html.
  • Added pp_sortkey column to page_props table, so pages can be efficiently queried and sorted by property value (bogue 58032). See $wgPagePropsHaveSortkey if you want to postpone the schema change.
  • BREAKING CHANGE: All four built-in MediaWiki skins (Vector, Monobook, Modern and Cologne Blue) were moved out of MediaWiki core to their own respective repositories. They will be installed with the release tarball, but you must install them separately if installing MediaWiki from source code. A warning message displayed until you do it should guide you through the process. See also <>.
  • BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use the "headelement" template key are no longer supported. Setting $useHeadElement = false; is no longer supported and will not cause old keys like "headlinks", "skinnameclass", etc. to be defined.
  • BREAKING CHANGE: The files commonElements.css, commonContent.css and commonInterface.css (in skins/common/) have been removed. Skins may no longer rely on their presence and include them in their style modules. ResourceLoader modules introduced in MediaWiki 1.23 should be loaded instead:
 - skins/common/commonElements.css  → 'mediawiki.skinning.elements' module
 - skins/common/commonContent.css   → 'mediawiki.skinning.content' module
 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
  • The deprecated 'SpecialVersionExtensionTypes' hook was removed.
  • (bogue 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
  • SpecialPage no longer supports the syntax for invoking wfSpecial*() functions. Special pages should subclass SpecialPage and implement the execute() method.
  • (bogue 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were removed.
  • Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
  • The skin autodiscovery mechanism has been deprecated and will be removed in MediaWiki 1.25. See for migration guide for creators and users of custom skins that relied on it.
  • ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all skin style files used by the module.
  • Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
  • Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
  • Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
  • Removed info(), purge(), revert() and rollback() from the Article class; they have since become subclasses of the Action class. (deprecated since 1.19)
  • SearchEngineReplacePrefixesComplete hook was removed.
  • The "jquery.json" module has been deprecated. Use the "json" module instead.
  • Removed HTMLForm::addJS(). (deprecated since 1.18)
  • Removed LogEventsList::showHeader(). (deprecated since 1.19)
  • Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
  • Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
  • Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
  • Removed ApiBase::createContext(). (deprecated since 1.19)
  • BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay set of hooks has been removed and replaced by a single new hook SpecialPageBeforeFormDisplay.
  • (bogue 65781) Removed block warning on included {{Special:Contributions}}
  • Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
  • Removed MWNamespace::isMain(). (deprecated since 1.19)
  • Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
  • Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
  • Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
  • Removed Title::updateTitleProtection(). (deprecated since 1.19)
  • Removed ParserOptions::setSkin(). (deprecated since 1.19)
  • Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
  • Removed Title::escapeLocalURL(). (deprecated since 1.19)
  • Removed Title::escapeFullURL(). (deprecated since 1.19)
  • Removed User::isValidEmailAddr(). (deprecated since 1.18)
  • Removed Title::getEscapedText(). (deprecated since 1.19)
  • Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
  • Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
  • Removed MWInit class which contained functions related to a now discontinued PHP compiler called hphpc. (deprecated since 1.22)
  • ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
  • Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
  • Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as these were meant specifically for FormAction instead.
  • Removed Action::execute().
  • Removed AjaxAddScript which has been obsolete since ResourceLoader and is unused by any modern extension.
  • Removed maintenance/nextJobDB.php; no longer in use.
  • Removed global function wfViewPrevNext(). (deprecated since 1.19)
  • Removed global function xmlsafe() from Export.php. (moved to OAIRepo extension)
  • Removed Title::userCanRead(). (deprecated since 1.19)
  • Removed maintenance script importTextFile.php. Use edit.php script instead.
  • A _from_namespace field has been added to the templatelinks, pagelinks, and filelinks tables. Run update.php to apply this change to the schema.
  • Removed File::sha1Base36(). (deprecated since 1.19)
  • Removed File::getPropsFromPath(). (deprecated since 1.19)
  • Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
  • Removed functions getContent(), getPreloadedText(), mergeChangesInto() and setPreloadedText() from EditPage.php. (deprecated since 1.21)
  • Removed global functions wfArrayLookup(), wfArrayMerge(), wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22)
  • Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C, meaning that JavaScript is no longer executed in these browser versions.
  • Browser support for Opera 11 lowered from Grade A to Grade C.
  • Removed IEFixes module which existed purely to provide support for MSIE versions
  • Deprecated SpecialPageFactory::getList() in favor of SpecialPageFactory::getNames() below 7 (conditionally loaded only for those browsers).
  • Action::checkCanExecute() no longer has a return value.
  • Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP() and sendToUDP() from RecentChange.php. (deprecated since 1.22)
  • Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
  • Removed Xml::namespaceSelector(). (deprecated since 1.19)
  • Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
  • MYSQL: Enum item added to "major MIME type" columns. Running update.php on MySQL < v5.1 may result in heavy processing.
  • RSS and Atom feeds generated by MediaWiki no longer include a fallback stylesheet. It was ignored by most browsers these days anyway.
  • SpecialSearchNoResults hook has been removed. SpecialSearchResults is now called unconditionally.
  • TablePager::getBody() is now 'final' and can't be overridden in subclasses.
  • TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
  • Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
  • log_page for move log entries store the original page ID, rather than that of the new redirect page. This is not retroactive.
  • LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to use this store class.
  • Html::infoBox() no longer accepts paths relative to skins/common/images/.
  • Deprecated defunct Skin::getCommonStylePath().
  • Some extensions had their ResourceLoader modules depend on the "mediawiki" and "jquery" modules. In the past, this behavior was undefined, now it will throw an error.
  • Removed BagOStuff::replace(). (deprecated since 1.23)
  • In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display warnings if their first parameter is not a Title object. Also makeImageLink() now requires a Parser as its first parameter.

Classes renommées

  • CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
  • CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
  • CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
  • CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
  • CSSJanus_Tokenizer to CSSJanusTokenizer
  • MediaWiki_I18N to MediaWikiI18N
  • Parser_DiffTest to ParserDiffTest
  • RevDel_ArchiveItem to RevDelArchiveItem
  • RevDel_ArchiveList to RevDelArchiveList
  • RevDel_ArchivedFileItem to RevDelArchivedFileItem
  • RevDel_ArchivedFileList to RevDelArchivedFileList
  • RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
  • RevDel_FileItem to RevDelFileItem
  • RevDel_FileList to RevDelFileList
  • RevDel_Item to RevDelItem
  • RevDel_List to RevDelList
  • RevDel_LogItem to RevDelLogItem
  • RevDel_LogList to RevDelLogList
  • RevDel_RevisionItem to RevDelRevisionItem
  • RevDel_RevisionList to RevDelRevisionList
  • WebInstaller_Complete to WebInstallerComplete
  • WebInstaller_Copying to WebInstallerCopying
  • WebInstaller_DBConnect to WebInstallerDBConnect
  • WebInstaller_DBSettings to WebInstallerDBSettings
  • WebInstaller_Document to WebInstallerDocument
  • WebInstaller_ExistingWiki to WebInstallerExistingWiki
  • WebInstaller_Install to WebInstallerInstall
  • WebInstaller_Language to WebInstallerLanguage
  • WebInstaller_Name to WebInstallerName
  • WebInstaller_Options to WebInstallerOptions
  • WebInstaller_Readme to WebInstallerReadme
  • WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
  • WebInstaller_Restart to WebInstallerRestart
  • WebInstaller_Upgrade to WebInstallerUpgrade
  • WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
  • WebInstaller_Welcome to WebInstallerWelcome

Classes retirées

  • IPBlockForm - Use SpecialBlock directly
  • WatchlistEditor - Use SpecialEditWatchlist directly
  • FormatExif - Use FormatMetadata directly
  • RevertFileAction - Use RevertAction directly
  • HistoryPage - Use HistoryAction directly
  • RawPage - Use RawAction directly
  • StubContLang - Use Language::factory() instead
  • XMLReader2 - Use XMLReader directly


MediaWiki 1.24 nécessite PHP version 5.3.2 ou ultérieure. Il y a un support expérimental pour HHVM 3.3.0.

Le SGBD recommandé pour MediaWiki est MySQL. PostgreSQL et SQLite peuvent aussi être utilisés mais le support est nettement moins abouti. Il existe un support expérimental pour Oracle et Microsoft SQL Server.

Les versions supportées sont :

  • MySQL version 5.0.2 ou ultérieure
  • PostgreSQL version 8.3 ou ultérieure
    Note : Si vous utilisez la version 1.24.0, il se peut que vous ayez à mettre en place cette modification pour installer MediaWiki. Utilisez soit git ou copier ce fichier dans maintenance/postgres/update-keys.sql.

SQLite version 3.3.7 ou ultérieure

  • Oracle version 9.0.1 ou ultérieure
  • Microsoft SQL Server 2005 (version 9.00.1399)

Mise à jour

La version 1.24 a reçu plusieurs modifications de la base de données par rapport à la version 1.23 et ne fonctionnera pas sans mises à jour des schémas Veuillez noter que les modifications appliquées aux tables fournies comme la table de révision impliqueront un temps assez important de mise à jour (de quelques minutes sur un site de taille moyenne à plusieurs heures pour un site de taille conséquente).

Si vous effectuez une mise à jour depuis une version antérieure à la 1.11 et que vous utilisez un wiki en tant que bibliothèque commune, assurez-vous de mettre aussi à jour celle-ci. Autrement, vous pourriez avoir des erreurs liées aux changements de schémas de la base de données.

Si vous effectuez une mise à jour depuis une version antérieure à la 1.7, il faudra certainement lancer refreshLinks.php pour s'assurer que les nouveaux champs de la base de données soient bien remplis avec les données correspondantes.

Si vous effectuez une mise à jour depuis une version 1.4.x ou antérieure, vous devriez tout d'abord effectuer une première mise à jour vers la version 1.5. Le script de mise à jour maintenance/upgrade1_5.php a été retiré depuis la version 1.21

N'oubliez pas de toujours faire une sauvegarde de votre base de données avant de faire une mise à jour !

Lisez le fichier UPGRADE (en anglais) pour de plus amples instructions concernant la mise à jour.

Pour les notes concernant les versions 1.23.x et antérieurs, voir HISTORY (en anglais).

Documentation en ligne

La documentation pour les utilisateurs finaux et les administrateurs de site est disponible sur et est couverte par la GNU Free Documentation License (à l'exception des pages qui spécifient clairement que leur contenu se trouve dans le domaine public) :

Liste de diffusion

Une liste de diffusion est disponible pour le support utilisateur et discussion de MediaWiki :

Une liste à faible trafic contenant seulement les annonces est aussi disponible :

Il vous est fortement recommandé de vous inscrire à l'une de ces listes dans le cas où vous souhaiteriez lancer un MediaWiki public afin de recevoir les corrections liées à la sécurité.

Aide IRC

Il y a généralement toujours au moins une personne à l'écoute du canal #mediawiki sur