* Introduce wfMsgWithLinks() and a content-language counterpart, wfMsgForContentWithLinks(); these escape HTML and render wiki links in text, so should be suitable for labels and so on
* Make Linker::formatLinksInComment() public
* Added support for configuration of an arbitrary number of commons-style file repositories.
* Split Image.php into filerepo/File.php and filerepo/LocalFile.php
* Renamed Image::getImagePath() to File::getPath()
* Added initial support for timestamp-based file fetching (OldLocalFile), to be expanded upon by aaron.
* Changed the interface for Image/File object creation: use wfFindFile() or wfLocalFile() depending on semantics
* ImageGallery::add() now accepts a title object as the first parameter
* Moved file handling operations on upload from SpecialUpload to File
* Removed path-related functions from ImageFunctions.php. Removed static path accessors from File.
* Added a Content-Disposition header to thumb.php output
* Improved thumb.php error handling
* Updated the unit test suite to kind of partially work with modern computers. RunTests.php doesn't work just yet. Fixed an actual regression that the test suite detected -- moved some defines to Defines.php where they will be loaded consistently.
* @link. You might think @link would surely mean "here comes a web URL" ... but @link is a valid command
in Doxygen, which means an entirely different kind of link (an internal link to somewhere, so that you can separate
documentation and implementation). The result is a mess, and the best solution I can see is to use "@see" instead of "@link".
* Warning: argument `nourl' of command @param is not found in the argument list of Linker::makeMediaLinkObj($title,$text='')
* Moving few class descriptions to right above classes, and/or formatting into Javadoc style.
* "@addtogroup Special Pages" --> "@addtogroup SpecialPage" so that all special pages have the same @addtogroup tag.
* @fixme --> @todo (must have missed these before)
* "@param $specialPage @see" remove the "@" in the "@see" to stop warning.
* @throws wants type, then a brief description, to stop warning.
This last one is for PHPdocumentor only, but it fixes something for PHPDocumentor, and should be neutral for Doxygen:
* WARNING in includes/api/ApiFormatYaml_spyc.php on line 860: docblock template never terminated with /**#@-*/
pick up the appropriate tags, and documentation blobs for classes. This is
the same as per r20769, but with the grouping changes (e.g. removing "@{{") omitted.
Please be advised that more related documentation tweaks may follow later - e.g.
Doxygen generates a log file of warnings that is 574 Kb in size, when run over
the just the trunk/phase3 code ... eek! Thankfully, much of that is just
whining about functions without documentation ;-)
Minor doc tweaks to prevent some PHPDocumentor warnings or errors when run on the includes/ directory. PHPDocumentor uses a syntax very similar to javadoc - mostly we already use this, but there were a few scattered places that were adjusted to make them consistent with the rest of the code. In practical terms, these changes were made:
* @url becomes @link
* @fixme becomes @todo
* HTML tags in descriptions must be closed / balanced.
* @bug was removed (where the bug was long fixed), or changed into a @todo (in the few situations where the bug was still pending)
* @obsolete becomes @deprecated
* Things like "/**@{{" and "/**@}}*/" which cause "unknown tag" warnings were removed
* @access must be a valid access level.
* @desc tag not needed, removed.
* Doesn't seem to like @licence, will accept @license however.
* Use full comment block notation in a few places (i.e. open block with "/**", start each line with " *", and end block with " */")
Then additional to this, to get some class docs associated with their respective classes:
* Moved some docs to right above those classes (deleting blank lines, or moving descriptions from the file headers)
* Marked some classes without docs as "@todo document"
* (done up to "class MIMEsearchPage" on the "classtrees_MediaWiki.html" page for the includes/ directory)
but $wgDebugLogFile does not exist yet: "filesize(): stat failed for sql-log.txt in includes/GlobalFunctions.php on line 219"
* Removing unused global $IP.
* Indentation of an if/else block.
* Trivial comment typo.
* Prevent PHP Fatal error: "Call to a member function getText() on a non-object in includes/SpecialListusers.php on line 46",
when opening a URL such as http://192.168.0.64/wiki/index.php/Special:Listusers?username=%22%27%3E
(i.e. when "Display users starting at:" username supplied in Special:Listusers is not a valid MediaWiki title).
* Fix HTML validation of protection form (i.e. when "action=protect").
to forestall additional UTF-7-autodetect XSS issues. Probably not an
issue on Apache 2.0+, but most servers send only 'text/html' by default
when the script didn't specify more details.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant
on a previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
Content-Encoding and Content-Length headers, just don't send them
in the first place!
* Suppress Content-Length from wfOutputHandler if $wgDisableOutputCompression set
* Fix typo that caused $wgDisableOutputCompression to *enable* instead of *disable* compression ;)
This can be done either by:
* Using explicit full paths, using the $IP global for the installation directory full path, and then working down the tree from there.
* Using explicit full paths, using the "dirname(__FILE__)" directive to get a full directory path for the includer file.
* Occasionally removing the line altogether, and then for some files the inclusion is handled by the autoloader.
For example, if the "extensions/wikihiero/wh_main.php" file does an include or require on "wh_list.php", then PHP does the following:
* tries to open "wiki/wh_list.php", and fails.
* tries to open "wiki/includes/wh_list.php", and fails.
* tries to open "wiki/languages/wh_list.php", and fails.
* tries to open "wiki/extensions/wikihiero/wh_list.php", and succeeds.
So in this example, the first 3 calls can be prevented if PHP is told where the file is.
Testing Method: On a Linux box, run these commands to attach strace to all the apache2 processes, and log their system calls to a temporary file, then generate some activity, and then stop the strace:
-----------------------------------
rm /tmp/strace-log.txt
strace -tt -o /tmp/strace-log.txt -p `pidof apache2 | sed 's/ / -p /g'` &
php maintenance/fuzz-tester.php --keep-passed-tests --include-binary --max-runtime=3 > /tmp/strace-tests.txt
killall -9 strace
grep "No such file or directory" /tmp/strace-log.txt | sort -u
-----------------------------------
Any failed file stats will be marked with: "-1 ENOENT (No such file or directory)".
Also:
* Strict Standards: Undefined offset: 230 in includes/normal/UtfNormal.php on line 637
* Strict Standards: iconv() [<a href='function.iconv'>function.iconv</a>]: Detected an illegal character in input string in languages/Language.php on line 776
[Note: Partial only - despite adding "//IGNORE", it still seems to be possible with some
messed- up binary input to cause PHP 5.1.2's iconv() function to squeal like a stuck pig].
* Update one $fname variable (method belongs to HistoryBlobStub class).
* use configured cache servers for mctest.php
* bucket details in mcc.php
* fix input validation and remove debugging code in compressOld
* full ID range for moveToExternal
* fix resolveStubs.php for compatibility with older serialized data
* maximum line length for bar graphs in getLagTimes.php
* recognize specieswiki in rebuildInterwiki.inc
* --purge option to do additional parser-cache purging for purgeList.php
* default changed in MiniDonation extension
* profile unicode cleanup in Xml
* log slow parses in Article.php
* profile wfMsgReal
* log mkdir failures
* profile AutoLoader
* rebuild empty DjVu metadata containing ''
* security fix for DjVu metadata retrieval
* include old failing tests in --record output, at the end of the changed items
* suppress failure notices during run if --record and --quiet are both specified, so they're not duped
* show relative paths for the test input files
* moved FiveUpgrade::relativize() to wfRelativePath() for wider use; using DIRECTORY_SEPARATOR instead of '/' but might explode on windows, haven't tried it ;) won't handle different drives/UNC servers right, probably
