HĂ©bergement MediaWiki

MediaWiki

MediaWiki est une application open source de wiki. Initialement sorti en 2012 après avoir été développé par Wikipedia.

Installation en 1 clic MediaWiki

Installation en 1 clic

Mise Ă  jour facile MediaWiki

Mise Ă  jour facile

Sauvegarde et restauration MediaWiki

Sauvegarde et restauration

Information

Application
wiki
Catégorie
Logiciel de communauté
Version courante
1.34.1
Dernière mise à jour
6 April 2020
Langues
Français + 333 autres

Configuration requise

Taille de l'installation
210.00 Mo
Base de données
mysql
License
open source
Vue d'ensemble
Quoi de neuf
Vitrine

1.34.1

(version de sécurité)
6 Avril - 210MBSecurity
  • (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
  • (T232932) SECURITY: User content can redirect the logout button to different URL.
  • (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to any CSS selector.

Bug Fixes
  • (T211450) User: better error message when getActorId fails.
  • (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined.
  • (T236444) User: Allow newSystemUser() to create over anonymous actors.
  • (T238483) Fix NewPagesPager "hide registered users" option.
  • (T245072) mediawiki.language: Rename languageData back to languageNames.
  • Use proper SemVer comparison in CheckComposerLockUpToDate.
  • (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
  • (T246127) Fix error when initialising updateCollation.php.
  • Update comment about PHP versions supported by The PHP Group.
  • (T247215) Fix output of RecountCategories::doWork().
  • Add check for page existence to view.php maintenance script.
  • (T245149) Fix fetching login token from action=query&meta=tokens on private wikis.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.34

1.34.0

(version majeure)
20 DĂ©cembre 2019 - 210MBSecurity
  • (T192134) Personal and site-wide CSS and JavaScript is loaded on Special:PasswordReset.
  • (T239466) Possible to circumvent title-blacklist (CVE-2019-19709).

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.34

1.33.3

(version de sécurité)
6 Avril - 210MBSecurity
  • (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
  • (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to

Bug Fixes
  • (T245072) mediawiki.language: Rename languageData back to languageNames.
  • Use proper SemVer comparison in CheckComposerLockUpToDate.
  • (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
  • Update comment about PHP versions supported by The PHP Group.
  • (T247215) Fix output of RecountCategories::doWork().
  • Add check for page existence to view.php maintenance script.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.33

1.33.1

(version de sécurité)
11 Octobre 2019 - 210MB
  • A change that kept people with a database table prefix that didn't end with an underscore from updating was reverted.
  • (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
  • The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification of headers in private wikis.
  • (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table doesn't yet exist.
  • (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
  • (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages.
  • (T200088) Remove title protection correctly for undeletions and imports.
  • (T230402) SECURITY: Add permission check for suppressed account to Special:Redirect.
  • Add helper for HTTPFileStreamer header syntax.
  • (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias.
  • (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code.
  • (T118799) Fix XMP parser errors due to trailing nullchar.
  • (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for PostgreSQL.
  • (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig().
  • (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
  • (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into separate files to help allieviate potential migration problems.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.33

Afficher plus de versions

1.33.0

(version majeure)
20 Août 2019 - 210MB1.33.0
  • Update installer link to PHP intl.
  • Only attempt to deduplicate if there is data in archive and revision tables.
  • Fetch tag ID before calling undefineTag().
  • Detect APC for MainCacheType in CLI installer.
  • Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support.
  • Style change tags correctly on Special:NewPages.
  • Fix SQLite patch-(page|template)links-fix-pk.sql column order.

New Configuration
  • $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives accounts with block permissions the ability to block users, IPs, and IP ranges from editing specific pages, while allowing them to edit the rest of the wiki. It is a temporary setting for gradual enablement, current default to `false`, and will be set to `true` and then removed once initial development completes.

Changed Configuration
  • $wgChangeTagsSchemaMigrationStage — This temporary setting, added in MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH.
  • $wgPasswordPolicy – There is a new password policy to check that the account's password is not in the large blacklist. This is enabled by default for the built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
  • $wgPasswordDefault – There is a new password type configuration using Argon2 password hashing (which requires PHP 7.2 and above). It's designed to resist timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure argon2 to be used, by default, it will automatically choose the best available algorithm depending on which version of PHP you have available. To use this, you can set $wgPasswordDefault = 'argon2';.
  • $wgActorTableSchemaMigrationStage now defaults to reading the new schema. update.php will back-populate the new database fields due to the changed setting, which may take some time on large wikis. You can avoid downtime by following a process like that described in task T188327.

Removed Configuration
  • $wgTagStatisticsNewTable — This temporary setting, added in MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki will now always use the change_tag_def instead of the change_tag table.
  • $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy – These options, all deprecated since 1.26, have now all been removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting remains only for experimental features and debugging, and should not be used.
  • $wgEnableParserCache – This setting has been deprecated since 1.26, has now been removed. If you still desire to disable the parser cache, instead you can set $wgParserCacheType = CACHE_NONE;.
  • $wgCommentTableSchemaMigrationStage – This temporary migration setting has now been removed. Code finding it unset should treat it as being MIGRATION_NEW.
  • $wgAuth – This old setting, deprecated in 1.27, has been removed as part of the removal of AuthPlugin.
  • $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent to allow sites to configure a file in which to cache the SiteStore database table, but it was never used. SiteStore already caches its information by default using BagOStuff (e.g. Memcached or APC).
  • $wgClockSkewFudge – This setting was used by User.php to let sites adjust by how much MediaWiki would fudge when trying to minimize the chances of a user.user_touched database update to the "current" timestamp being before the value already there (e.g. due to clock skew between different servers). This is no longer a problem, because the code now ensures the timestamp is always higher than the previous one. The writes are guarded with CAS logic (check and set), which prevents updates that would overlap.
  • $wgDBmysql5 - This experimental setting, deprecated in 1.31, has been removed.

New User-facing Features
  • __EXPECTUNUSEDCATEGORY__ on a category page causes the category to be hidden on Special:UnusedCategories.
  • SVGs are now by default displayed in wiki language on image pages.
  • Special:CreateAccount now warns the user if their chosen username has to be normalized.
  • Multilingual images are now be displayed in the current parse language where available.
  • Special:ActiveUsers will no longer filter out users who became inactive since the last time the active users query cache was updated.
  • RecentChange and ManualLogEntry implement new Taggable interface.
  • Added a hook, ManualLogEntryBeforePublish, to allow extensions to modify (example: add tags) log entries.

New Developer Features
  • The AuthManagerLoginAuthenticateAudit hook has a new parameter for additional information about the authentication event.
  • TextContent::getText() was introduced as a replacement for Content::getNativeData() for text-based content models.
  • LinksUpdate::getAddedExternalLinks() and LinksUpdate::getRemovedExternalLinks() were introduced.
  • Added MaintenanceUpdateAddParams hook
  • The MarkPatrolled hook has a new parameter for the tags associated with this entry in the patrol log.
  • Extensions can now specify platform abilities they require to work, limited to shell access for now.

New External Libraries
  • Added wikimedia/password-blacklist 0.1.4.
  • Added guzzlehttp/guzzle 6.3.3.

Changed External Libraries
  • Updated OOUI from v0.29.2 to v0.31.3.
  • Updated OOjs Router from pre-release to v0.2.0.
  • Updated moment from v2.19.3 to v2.24.0.
  • Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2.
  • Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0.
  • Updated jquery-client from 2.0.1 to 2.0.2.
  • Updated pear/net_smtp from 1.8.0 to 1.8.1.
  • Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
  • Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7.

Removed External Libraries
  • jquery.ui.spinner, deprecated since 1.31, was removed.

New developer libraries
  • Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only).
  • Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only).

Changed Developer Libraries
  • Updated wikimedia/ip-set from 1.3.0 to 2.0.1 (the deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be used instead).
  • Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only).
  • Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only).
  • Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only).
  • Updated qunitjs from 2.6.2 to 2.9.1.

Removed Developer Libraries
  • The jetbrains/phpstorm-stubs repository was removed in favour of the minimal stubs we need, which are kept in the new `.phan/internal_stubs` directory (dev-only).

Bug Fixes
  • Special:UserRights could sometimes fail with a "conflict detected" error when there weren't any conflicts.
  • Chrome redirects to Special:BadTitle after editing a section with a non-Latin name on a page with non-Latin characters in title.
  • resourceloader: Use AND instead of OR for upsert conds in saveFileDependencies().

Action API Changes
  • Added ApiOptions hook.
  • The JSON formatversion=2 is no longer experimental.
  • Internal API errors (those with code beginning "internal_api_error") will include the exception class name in a data field named "errorclass".
  • - Class names are not guaranteed to remain stable, and in particular database exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name.
  • - The code including an exception class name is deprecated. In the future, all internal errors will use code "internal_api_error".
  • When using action=delete on pages with many revisions, the module may return a boolean-true 'scheduled' and no 'logid'. This signifies that the deletion will be processed via the job queue.
  • action=setnotificationtimestamp will now update the watchlist asynchronously if entirewatchlist is set, so updates may not be visible immediately
  • Block info will be added to "blocked" errors from more modules.
  • Autoblocks will now be spread by action=edit and action=move.
  • action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns the date of user's latest contribution.
  • action=logout now requires to be posted and have a csrf token.

Action API Internal Changes
  • A number of deprecated methods for API documentation, intended for overriding by extensions, are no longer called by MediaWiki, and will emit deprecation notices if your extension attempts to use them: ApiBase::getDescription() (deprecated in 1.25), ApiBase::getParamDescription() (deprecated in 1.25), ApiBase::getExamples() (deprecated in 1.25), ApiBase::getDescriptionMessage() (deprecated in 1.30)
  • Additionally, the APIGetDescription and APIGetParamDescription hooks have been removed, as their only use was to let extensions override values returned by getDescription() and getParamDescription(), respectively.
  • API error codes may only contain ASCII letters, numbers, underscore, and hyphen. Methods such as ApiBase::dieWithError() and ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if passed a bad code.
  • ApiBase::checkTitleUserPermissions() now takes an options array as its third parameter. Passing a User object or null is deprecated.
  • The api-feature-usage log channel now has log context. The text message is deprecated and will be removed in the future.

Languages Updated
  • Added language support for Eastern Pwo (kjp).
  • Fixed a translation error on Goan Konkani (gom-deva) translations for NS_TEMPLATE.
  • Added $digitTransformTable for Santali (sat).
  • Added language support for Saisiyat (xsy).
  • Added support for new Japanese era name "Reiwa"

Breaking Changes
  • The parameter $lang in DifferenceEngine::setTextLanguage must be of type Language. Other types are deprecated since 1.32.
  • Skin::doEditSectionLink requires type Language for the parameter $lang. The parameters $tooltip and $lang are mandatory. Omitting the parameters is deprecated since 1.32.
  • Language::truncate(), deprecated in 1.31, has been removed.
  • UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly instead.
  • In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages', and 'notice-message', which were deprecated in 1.32, were removed. Instead, use 'help', 'help-message', and 'help-messages'.
  • HTMLFormField::getNotices(), deprecated in 1.32, was removed.
  • The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and RestbaseVirtualRESTService, deprecated since 1.26, have been removed. Use the RESTBase v1 or Parsoid v3 API instead.
  • ParserOptions defaults 'tidy' to true now, since the untidy modes of the parser are being deprecated and ParserOptions::getCanonicalOverrides() has always been true at any rate.
  • Support for disabling tidy and external tidy implementations has been removed. This was deprecated in 1.32. The pure PHP Remex tidy implementation is now used and no configuration is necessary.
  • A number of deprecated methods for API documentation, intended for overriding by extensions, are no longer called by MediaWiki, and will emit deprecation notices if your extension attempts to use them: ApiBase::getDescription() (deprecated in 1.25), ApiBase::getParamDescription() (deprecated in 1.25), ApiBase::getExamples() (deprecated in 1.25), ApiBase::getDescriptionMessage() (deprecated in 1.30)
  • Additionally, the APIGetDescription and APIGetParamDescription hooks have been removed, as their only use was to let extensions override values returned by getDescription() and getParamDescription(), respectively.
  • The authentication hooks AbortAutoAccount, AbortNewAccount, AbortLogin, LoginUserMigrated, UserCreateForm, and UserLoginForm, all deprecated by the creation of AuthManager in 1.27, have been removed. This also means that the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and that LoginSignupSpecialPage->getBCFieldDefinitions() is removed.
  • The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead, use 'jquery.i18n'.
  • The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since 1.16, have now been removed. Instead, use $specialPageAliases or $magicWords respectively in a $wgExtensionMessagesFiles file.
  • The following methods of the Preferences class, deprecated in 1.31, have been removed: getSaveBlacklist(), loadPreferenceValues(), getOptionFromUser(), profilePreferences(), skinPreferences(), filesPreferences(), datetimePreferences(), renderingPreferences(), editingPreferences(), rcPreferences(), watchlistPreferences(), searchPreferences(), miscPreferences(), generateSkinOptions(), getDateOptions(), getImageSizes(), getThumbSizes(), validateSignature(), cleanSignature(), getTimezoneOptions(), filterIntval(), filterTimezoneInput(), getTimeZoneList()
  • mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead.
  • User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27.
  • The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed. Specifically: mediawiki.api.category, mediawiki.api.edit, mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, mediawiki.api.messages, and mediawiki.api.rollback.
  • The 'jquery.byteLimit' module alias for 'jquery.lengthLimit', deprecated in 1.31, was removed.
  • Revision::fetchRevision(), deprecated in 1.28, was removed.
  • Class SquidUpdate, deprecated in 1.27, was removed.
  • Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use Title->getCdnUrls().
  • Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead.
  • Title->canTalk(), deprecated in 1.30, was removed. Instead, use Title->canHaveTalkPage().
  • Title's methods for site and user page related to CSS and JS, deprecated in 1.31, were removed:
  • - Title->isCssOrJsPage() — Use Title->isSiteConfigPage()
  • - Title->isCssJsSubpage() – Use Title->isUserConfigPage()
  • - Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage()
  • - Title->isCssSubpage() – Use Title->isUserCssConfigPage()
  • - Title->isJsSubpage() – Use Title->isUserJsConfigPage()
  • SiteSQLStore, deprecated in 1.27 and whose only method, SiteSQLStore::newInstance(), would return the global SiteStore instance, has been removed. You can get to this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly.
  • Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's). Instead, use Language->formatSize() with the relevant Language object.
  • Linker::formatTemplates, deprecated in 1.28, has been removed (along with the version in DummyLinker). You can use TemplatesOnThisPageFormatter directly.
  • EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can use MediaWikiServices::getInstance()->getEventRelayerGroup() directly.
  • LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to be unused, and is distinct from OutputPage->addLink(), which remains.
  • JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use JsonContent->getData().
  • MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the exception ID is the same as the request ID, from WebRequest::getRequestId().
  • SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed. You can use SearchEngine::getNearMatcher() instead.
  • EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly.
  • User::getGroupName() and User::getGroupMember(), both deprecated in 1.29, have been removed. Instead, please use UserGroupMembership::getGroupName() and UserGroupMembership::getGroupMemberName().
  • Backwards compatibility for setting wgSessionsInObjectCache to false or using wgSessionHandler, both of which were deprecated in 1.27 with the introduction of SessionManager, has been removed.
  • SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use MediaWiki\Auth\AuthManager::autoCreateUser instead.
  • The mw.libs.jpegmeta property, deprecated in 1.31, was removed. Use require( 'mediawiki.libs.jpegmeta' ) instead.
  • The mw.user.stickyRandomId() method, deprecated in 1.32, was removed. Use mw.user.getPageviewToken() instead.
  • Removed deprecated class property WikiRevision::$importer.
  • ResourceLoaderFileModule::readStyleFiles() now requires its $context parameter.
  • The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has been removed.
  • MessageBlobStore::__construct() now requires its $rl parameter.
  • Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31) has been removed.
  • The 'jquery.xmldom' module has been removed.
  • The 'jquery.mockjax' module has been removed.
  • The 'jquery.hidpi' module, deprecated in 1.32, has been removed.
  • AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions should instead use AuthManager. The following no longer exist:
  • - The AuthPlugin class itself and the related AuthPluginUser class and i18n
  • - The AuthPluginSetup and AuthPluginAutoCreate hooks
  • - The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider, AuthManagerAuthPlugin, and AuthManagerAuthPluginUser.
  • - The $wgAuth configuration setting and its use in Setup.php and unit tests
  • The 'wgAvailableSkins' mw.config key in JavaScript, was removed.
  • Language::markNoConversion, deprecated in 1.32, has been removed. Use LanguageConverter::markNoConversion instead.
  • BagOStuff::modifySimpleRelayEvent() method has been removed.
  • ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed. Use ParserOutput::allCacheVaryingOptions instead.
  • CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed. Use CdnCacheUpdate::newFromTitles() instead.
  • Handling of multiple arguments by the Block constructor, deprecated in 1.26, has been removed.
  • The translation of main page in Sardinian (sc) was changed from "PĂ gina Base" to "PĂ gina printzipale". Existing wikis using this content language need to move the main page or change the name through MediaWiki:Mainpage page.
  • wfSplitWikiID(), deprecated in 1.32, has been removed.
  • MessageBlobStore::getBlob(), deprecated in 1.27, has been removed. Use MessageBlobStore::getBlobs() instead.
  • The .background-size() LESS mixin, deprecated in 1.27, has been removed.
  • ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been removed. Use MediaWikiTestCase::overrideMwServices() instead.

Deprecations
  • The configuration option $wgUseESI has been deprecated, and is expected to be removed in a future release.
  • The configuration option $wgSquidPurgeUseHostHeader has been deprecated, and is expected to be removed in a future release.
  • The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode, introduced in MW 1.17, have been deprecated. These fixes will always be applied for Arabic and Malayalam in the future. Please enable these on your local wiki (if you have them explicitly set to false) and run maintenance/cleanupTitles.php to fix any existing page titles.
  • The LegacyHookPreAuthenticationProvider class, deprecated since its creation in 1.27 as part of the AuthManager re-write, now emits deprecation warnings. This will help identify the issue if you added it to $wgAuthManagerConfig.
  • wfSplitWikiId() is now deprecated. Cache key generation should have the wiki domain ID as a key component and use makeGlobalKey().
  • Title::getUserCaseDBKey() is deprecated; instead, please use Title::getDBKey(), which doesn't vary case.
  • User::getPasswordValidity() is now deprecated. User::checkPasswordValidity() returns the same information in a more useful format.
  • For Linker::generateTOC() and Linker::tocList(), passing strings or booleans as the $lang parameter was deprecated. The same applies to DummyLinker.
  • The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist' instead which blacklists 100,000 commonly used passwords.
  • Action::requiresUnblock() is now called from Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method was only called in Action::checkCanExecute(). Actions should ensure that their requiresUnblock() returns the proper result (the default is `true`).
  • The MediaWiki\Services namespace has been renamed to Wikimedia\Services. The old name is still supported, but deprecated.
  • Content::getNativeData has been deprecated. Please use model-specific getters, such as TextContent::getText().
  • The class WebInstallerOutput is now marked as @private.
  • The jquery.async module has been deprecated. JavaScript code that needs asynchronous behaviour should use Promises.
  • Password::equals() is deprecated, use verify().
  • BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use other means to fetch a properly escaped message string or Message object.
  • The 'ResourceLoaderTestModules' hook, which lets you declare QUnit testing code for your JavaScript modules, is deprecated. Instead, you can now use the new extension registration key 'QUnitTestModule'.
  • The jquery.throttle-debounce module has been deprecated. JavaScript code that needs this behaviour should use OO.ui.debounce/throttle.
  • The mw.language.specialCharacters property from the 'mediawiki.language.specialCharacters' module has been deprecated. Use require( 'mediawiki.language.specialCharacters' ) instead.
  • ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be removed in a future release.
  • Passing a User object or null as the third parameter to ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array [ 'user' => $user ] instead.
  • Block::prevents is deprecated. Use Block::isEmailBlocked, Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set block properties; use Block::appliesToRight and Block::appliesToUsertalk to check block behaviour.
  • The api-feature-usage log channel now has log context. The text message is deprecated and will be removed in the future.
  • The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup implementation, use CachingSiteStore instead.
  • Language::viewPrevNext function is deprecated, use SpecialPage::buildPrevNextNavigation instead
  • ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags() instead. The setTags() method was overriding the tags, addTags() doesn't override, only adds new tags.
  • Block::isValid is deprecated, since it is no longer needed in core.
  • Calling Maintenance::hasArg() as well as Maintenance::getArg() with no parameter has been deprecated. Please pass the argument number 0.
  • ResourceLoaderContext::expandModuleNames has been deprecated. Use ResourceLoader::expandModuleNames instead.

Other Changes
  • Html::openElement() warns if given an element name with a space in it.
  • The implementation of buildStringCast() in Wikimedia\Rdbms\Database has changed to explicitly cast. Subclasses relying on the base-class implementation should check whether they need to override it now.
  • BagOStuff::add is now abstract and must explicitly be defined in subclasses.
  • LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence, the following hooks will now be triggered upon page deletion in addition to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete. LinksUpdateAfterInsert is not triggered since deletions do not cause insertions into links tables.
  • Category::newFromID( $id )->getID() will now return $id without any validation, to avoid a mostly unnecessary DB query.
  • On Special:Version, the name for an extension can no longer be arbitrary html when no link is specified.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.33

1.32.4

(version de sécurité)
11 Octobre 2019 - 210MB1.32.4
  • (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
  • The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification of headers in private wikis.
  • (T230402) SECURITY: Add permission check for suppressed account to Special:Redirect.
  • (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
  • (T200088) Remove title protection correctly for undeletions and imports.
  • Add helper for HTTPFileStreamer header syntax.
  • (T118799) Fix XMP parser errors due to trailing nullchar.
  • (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
  • Cache redirects from Special:Redirect.
  • (T231386) dispatchUser() should use a 302 http status code.
  • (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into separate files to help allieviate potential migration problems.
  • Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database updates.

1.32.3
  • (T225558) Update installer link to PHP intl.
  • (T225496) Detect APC for MainCacheType in CLI installer.
  • (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies.
  • (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.32

1.32.2

(version de sécurité)
7 Juin 2019 - 210MBSecurity
  • (T197279, CVE-2019-12468) Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.
  • (T204729, CVE-2019-12473) Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.
  • (T207603, CVE-2019-12471) Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users' loading that script.
  • (T208881) blacklist CSS var().
  • (T199540, CVE-2019-12472) It is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`) by using the API.
  • (T212118, CVE-2019-12474) Privileged API responses that include whether a recent change has been patrolled may be cached publicly.
  • (T209794, CVE-2019-12467) A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.
  • (T25227, CVE-2019-12466) An account can be logged out without using a token (CSRF).
  • (T222036, CVE-2019-12469) Exposed suppressed username or log in Special:EditTags.
  • (T222038, CVE-2019-12470) Exposed suppressed log in RevisionDelete page.
  • (T221739, CVE-2019-11358) Fix potential XSS in jQuery.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.32.2

1.32.1


8 Mai 2019 - 210MB
  • (T213577) rdbms: avoid transaction status errors from ping() in rollback().
  • rdbms: Pass required parameter.
  • rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
  • (T204531) rdbms: reduce LoadBalancer replication log spam.
  • (T213489) Avoid session double-start in Setup.php.
  • (T213717) Correct namespace 'Template' for gom-deva
  • (T198054) Fix login page crash caused by unknown language via ?uselang
  • (T215324) (T210937) list=users mistakenly reports user as missing.
  • (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for use with scripts like addWiki.php to avoid mismatched domain errors.
  • (T208871) The hard-coded Google search form on the database error page was removed.
  • (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
  • (T215566) Fix installer being unable to determine if the database exists during a fresh installation.

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.32.1

1.32.0

(version majeure)
17 Janvier 2019 - 210MB1.32.0

WARNINGS
Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site).
  • Fix slow queries in migrateActors.php.
  • Fix $magicWords for the Sanskrit language.
  • Fix addition of ug_expiry column to user_groups table on MSSQL.
  • Fix the cache timestamp for forced updates.
  • User: Bypass repeatable-read when creating an actor_id.
  • Extensions can now specify PHP versions and PHP extensions they depend on.
  • Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
  • When using action=delete on pages with many revisions, the module may return a boolean-true 'scheduled' and no 'logid'. This signifies that the deletion will be processed via the job queue.
  • Dropped columns category.cat_hidden, site_stats.ss_admins, and recentchanges.rc_cur_time from the PostgreSQL schema.
  • Prevent populateSearchIndex.php from breaking once actor migration has been started.
  • Properly set $wgLanguageCode in the generated LocalSettings.php if --lang is used with the command-line installer (install.php).
  • Multiple changes to configuration and API

Lire la suite: https://www.mediawiki.org/wiki/Release_notes/1.32

Nos hébergements Web compatibles avec
MediaWiki

Web

Uniquement l'hébergement Web

HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD


En savoir plus

Ă  partir de 5.75 € / mois

Classic

L'offre complète Web+Mail

HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD


Messagerie professionnelle
25 adresses email avec stockage illimité


WorkSpace
Messagerie en ligne
Messagerie instantanée
Synchronisation des contacts et agendas


En savoir plus

Ă  partir de 7.42 € / mois

Serveur Cloud

Managé

HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD


Puissance
2 CPU et +
6 Go de RAM et +
100% SSD
Ressources 100% dédiées


Gestion
Infomaniak gère votre serveur


En savoir plus

Ă  partir de 29 € / mois

Prix en EUR