The globals for preference default overrides was removed in r15823,
when the defaults were moved from Language to User. Moved the settings
out to the global where they arguably belong, restoring compatibility
for site-specific overrides.
Caches for wikis with table prefixes will be lost on upgrade, caches for wikis without table prefixes will be preserved. Custom cache keys in extensions can be migrated at leisure. Extensions which write to core cache keys should be migrated ASAP, as I have done with Special:Makesysop.
* Made lines from initialiseMessages() appear as list items during installation
* Moved the bulk of the localisation data from the Language*.php files to the Messages*.php files. Deleted most of the Languages*.php files.
* Introduced "stub global" framework to provide deferred initialisation of core modules.
* Removed placeholder values for $wgTitle and $wgArticle, these variables will now be null during the initialisation process, until they are set by index.php or another entry point.
* Added DBA cache type, for BDB-style caches.
* Removed custom date format functions, replacing them with a format string in the style of PHP's date(). Used string identifiers instead of integer identifiers, in both the language files and user preferences. Migration should be transparent in most cases.
* Simplified the initialisation API for LoadBalancer objects.
* Removed the broken altencoding feature.
* Moved default user options and toggles from Language to User. Language objects are still able to define default preference overrides and extra user toggles, via a slightly different interface.
* Don't include the date option in the parser cache rendering hash unless $wgUseDynamicDates is enabled.
* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
* Removed inclusion of language files from the bottom of Language.php. This is now consistently done from Language::factory().
* Add the name of the executing maintenance script to the debug log. Start the profiler during maintenance scripts.
* Added "serialized" directory, for storing precompiled data in serialized form.
* Allow or disallow account creation from blocked IP addressess on a per-block basis.
* Prevent duplicate blocks.
* Fixed the problem of expiry and unblocking erroneously affecting multiple blocks.
* Fixed confusing lack of error message when a blocked user attempts to create an account.
* Fixed inefficiency of Special:Ipblocklist in the presence of large numbers of blocks; added indexes and implemented an indexed pager.
* remove require_once() throughout whole code, yet left in few places
* move global functions in HttpUtils, ProxyTools, Credits to class methods
* php5 only: __autoload() now used, combined with class->file map and require()
* move initialization of $wgValidSkinNames to Skin::getSkinNames()
* few more changes that will surely break stuff.
Inserting a newline into some improperly filtered option strings could be used to overwrite other pref values, bypassing their input validation. Any newlines now get filtered out at User::setOption as a final line of defence.
There were a few HTML injection bugs, but none appear to be exploitable, as prefs can only be set if you already control the account.
Bug found by gmaxwell.
