MediaWiki is an open source wiki engine that can be used to create and manage content for the Wikimedia Foundation websites, such as Wikipedia, Wikipedia, Wikisource, Wikibooks and Wikiquote. The developers have been busy with version 1.5.3 as the result. It is announced as follows:
Security reminder: MediaWiki does not require PHP’s register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can.
- MediaWiki 1.5.3 is a security and bug fix maintenance release. Validation of the user language option was broken by a code change in May 2005, opening the possibility of remote code execution as this parameter is used in forming a class name dynamically created with eval().
- (bug 3612) Remove old broken version of maintenance/compressOld.php
The working version is in maintenance/storage/compressOld.php
- (bug 2740) Accept image deletions on ‘enter’ submit from MSIE
- (bug 3933) specify XML namespace for Atom 0.3 feeds
- (bug 3939) Don’t try to load text for interwiki redirect target
- (bug 3948) Avoid notice warning in debug statement in bad search
- Recognize Special:Search consistently so read whitelist works
- (bug 4013) typo in fr
- (bug 3996) Fix text for new entries in RC RSS/Atom feed
- (bug 2894) Enhanced Recent Changes link fixes
- (bug 3065) Update both watched namespaces when renaming pages
- Move parenthesis out of a link in Special:Contributions
- (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
- (bug 4035) Fix prev/next revision links on edit page
- (bug 4165) Correct validation for user language selection (data taint)
The validation has been corrected in this version. All prior 1.5 release and prerelease versions are affected; 1.4 and earlier and not affected.
Additionally several bugs have been fixed; see the changelog later in this file for a complete list.
Changes since 1.5.2:
- MediaWiki 1.5.2 is a bug fix maintenance release. A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and pre sections, causing garbage data to be inserted in output and saved edits. This version works around the change.
- Fix Special:BrokenRedirects on MySQL 5.0
- (bug 3809) Backport fix for detecting diff3 failure
- MySQL 5.0 strict mode fix for moving unwatched pages
- (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
Why do people invent these crazy options that change language semantics?
- (bug 3762) Define missing Special:Import UI messages
- (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
- (bug 3649) Remove obsolete, broken moveCustomMessages script
- (bug 3667) Add missing global in page move code
- (bug 3761) Avoid deprecation warnings in Special:Import
- (bug 2885) Remove unnecessary reference parameter which broke classic skin talk notification on PHP 5.0.5
- (bug 3845) Update attribute.php for 1.5 schema
- Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4
Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed; see the change log below for a complete list.
Changes since 1.5.1:
- Image pages work again with resizing disabled
- Works in MySQL 5.0 strict mode
- (bug 3629) Fix date & time format for Frisian
- (bug 3641) Fix handling of unrecognized file uploads with known extensions
- (bug 3643) Fix image page display of large images with resizing disabled
- Fix meta robots tag on Special:Version again to avoid listing vulnerable versions for convenient harvesting by automated worms
- (bug 3684) Fix typo in fatal error backtraces in Hooks.php
- Backport fix for reference usage notice in Special:Search on PHP 4.4.0
- Backport database connect error display fix from HEAD
- (bug 2773) Print style sheet no longer overrides RTL text direction
- MonoBook skin top link id changed from “contentTop” to “top” (shared with name attribute)
- Wrap message page insertions in a transaction to speed up installation
- Fix Special:MovePage invalid HTML attribute for reason textarea
- Avoid notice warning on edit with no User-Agent header
- (bug 3734) Swapped out obsolete recount.sql with initStats.php
- (bug 3735) Fix to run under MySQL 5’s strict mode
- (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
NOTE: Enabling this may break existing wikis, and still doesn’t work for all Unicode characters due to MySQL limitations.
- Sanitizer CSS comment processing order fix
Major fixes include:
There is experimental support in this release for explicitly declaring the UTF-8 charset in the database; this has been tested with MySQL 5.0.15 but should work on 4.1 as well.
IMPORTANT: Changing this setting on an existing wiki may produce interesting data corruption, depending on server configuration. Page contents should, usually, be unaffected, but page titles and other items may be. Limitations in MySQL’s Unicode support mean that characters outside the BMP cannot be used in page titles or various other fields when using this mode.
Table definitions are in maintenance/mysql5/tables.sql, and the runtime option to send ‘SET NAMES utf8’ is set by $wgDBmysql5 = true.
(MySQL 3.23.x and 4.0.x do not support character set declarations; on these versions MediaWiki simply works with UTF-8 data and MySQL is blissfully unaware of it.)
Changes since 1.5.0: