* Don't clear the token cookie when mailing a password -- this may belong to a different user entirely! If it's the same user, then no harm; the old cookie just won't have any affect. If they're making someone else's account, this will avoid clearing their own token.
* Defer load of groups data
* Introduce newFromRow()/loadFromRow() to allow bulk loading of user objects from a result set
* Hook email and email authentication save/load to allow CentralAuth to provide a global email address
* Defer save of user data after confirmEmail() and invalidateEmail(). Caller must now also call saveSettings(). This reduces the master query count in some code paths.
Elsewhere:
* Introduce UserArray class, for bulk loading of user objects. Immediately useful in email notification, potentially useful for proposed user alias feature.
* In Special:Confirmemail, remove useless handling for impossible false return from confirmEmail()/invalidateEmail().
* Add user preference to always show hidden categories
* Add all hidden categories to [[Category:Hidden categories]], localised by hidden-category-category
* Add wgVariantArticlePath and wgActionPaths to the JS variables script, needed to determine title from link href.
* Credential data in the session is destroyed, so the session is harmless. But it is still useful for abuse tracking (logout/login sequences) and similar analysis.
* Not much point in removing the username persistence feature if you can't improve the squid cache hit ratio, which was obviously your goal.
Actually, keeping a session is still bad. And trying to ensure that they don't see cached content... Well, thats wrong idea.
See, if someone is logged out, he is anonymous and deserves to see cached content as everyone else.
So, let's destroy all cookies.
* Mark private methods private using a keyword.
* Reject arrays with count == 2: these will fail when you do array_slice( ... , 1 ).
* Treat xor consistent with the other operations: if there's only one parameter the result should just evaluate that, not always return false; and any number of parameters should be allowed.
* Fail fast on bad input: throw an exception if Autopromote encounters a condition it can't understand (after asking extensions).
* Code documentation! There were five lines of comments in the original commit.
* APCONDS_INGROUPS is not used, or for that matter defined.
* Editcount should use >=, not >, for consistency with past behavior and intuitiveness.
* "autopromoteUser" sounds like it's actually promoting the user somehow. Renamed the function to getAutopromoteGroups.
* Make sure we don't return the same group more than once, when we're returning a group. Probably not going to hurt, but may as well be clean.
* Bug 9213: Fixed the plainly broken user_newtalk updating and caching scheme. I tried to keep my changes roughly performance-neutral, but the update on Wikimedia should be watched carefully for performance problems.
* Made UserMailer a class, use the autoloader to load it
* General UserMailer refactoring
* If the user has email-on-newtalk enabled, send them an email for every change, not just the first one before they view the page again.
* Don't add a watchlist entry automatically on change of user talk page
of the strict() authentication behavior.
Fixes the hole where old local passwords could still be used to log into the global account after merging.
Based on patch by Rotem Liss from http://he.wikipedia.org/wiki/%D7%9E%D7%A9%D7%AA%D7%9E%D7%A9:Rotemliss/CentralAuth#2
Changed function name from authenticateLocally() to strictUserAuth() and reversed return value to mesh a little better with strict()
* JavaScript video player based loosely on Greg Maxwell's player
* Image page text snippet customisation
* Abstraction of transform parameters in the parser. Introduced Linker::makeImageLink2().
* Made canRender(), mustRender() depend on file, not just on handler. Moved width=0, height=0 checking to ImageHandler::canRender(), since audio streams have width=height=0 but should be rendered.
Also:
* Automatic upgrade for oldimage rows on image page view, allows media handler selection based on oi_*_mime
* oi_*_mime unconditionally referenced, REQUIRES SCHEMA UPGRADE
* Don't destroy file info for missing files on upgrade
* Simple, centralised extension message file handling
* Made MessageCache::loadAllMessages non-static, optimised for repeated-call case due to abuse in User.php
* Support for lightweight parser output hooks, with callback whitelist for security
* Moved Linker::formatSize() to Language, to join the new formatTimePeriod() and formatBitrate()
* Introduced MagicWordArray, regex capture trick requires that magic word IDs DO NOT CONTAIN HYPHENS.
