MediaWiki-l September 2020

mediawiki-l@lists.wikimedia.org

24 participants
29 discussions

Recent parser change regarding tildes in comments?
by Thomas Dalton 28 Feb '26

28 Feb '26

Has the parser just been changed with regards to tildes (~~~~) inside HTML comments? It appears they used to be ignored, and are now suddenly being replaced en masse the next time someone edits the page (and can't be easily reverted - it just changes the sig to the reverter's instead). See http://en.wikipedia.org/wiki/Wikipedia:Articles_for_creation/2006-06-02-ear… for an example.

6 7

RE: [Mediawiki-l] Re: How to create a new Special page
by Bart Q. Simon 26 Nov '25

26 Nov '25

I distinctly remember there was a way to add a title to a special page simply by entering in a URL, then adding the title to the wiki edit field, and then saving. The new "writing a new special page" how-to is very confusing - and it wants me to write PHP to get the title to show up. There was an easier way... I can't find this how-to anywhere- though I'm sure it used to exist. FX can you walk me through how you've added a wiki page title to a special page? Thanks! -----Original Message----- From: mediawiki-l-bounces(a)Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Rick DeNatale Sent: Thursday, May 19, 2005 2:33 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: How to create a new Special page On 5/13/05, FxParlant <f-x.p(a)laposte.net> wrote: > Hello; > There is a paragraph on how to create a special page in the FAQ > > > http://meta.wikimedia.org/wiki/Meta:FAQ#How_do_I_add_my_own_dynamic_cont ent_to_MediaWiki.3F > > It's not so difficult. At the end,it says you have to create a simple > page and write the name of your special page in it. If you forget this > the title of your special page will have < and > around. I haven't > got a clue why creating a page with the name in it solves this, but it works That page seems to have changed, it now just has a pointer to an article about writing an extension which really doesn't seem to build a special page. I just figured out how to build a new special page which is like the Uncategorized pages page, but looks at the Image namespace. I wrote it up at http://meta.wikimedia.org/wiki/Writing_a_new_special_page _______________________________________________ MediaWiki-l mailing list MediaWiki-l(a)Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

3 2

Are there any good resources for writing scripts and gadgets
by Arcane 21 25 Nov '25

25 Nov '25

I'm currently trying to adapt several gadgets that are meant for wikis using the Monobook/Vector skins to the Monaco skin, and so far, I've managed to successfully port over the UTC Clock gadget and Sandbox page gadget to Monaco, but aside from those I've been having trouble since, frankly, my knowledge of Javascript/JQuery is slim and I'm not familiar with all the variables used in writing user scripts. I've fairly decent with CSS style sheets, but I still need help with Javascript, so does anyone know of some good resources I could look into, preferably tailored for writing scripts on MediaWiki? Also, if anyone wants to see what I have done so far (and have released publicly), the wiki I have been testing my live gadget/user script code on is here: https://mediawikitesters.orain.org/wiki/Main_Page

4 3

Lis tes messages avant qu'ils ne soient effacés!
by Badoo 31 Dec '23

31 Dec '23

Lis ton message de Nganguem Victor avant qu'il ne soit effacé! Pour lire ton message, suis simplement ce lien: http://eu1.badoo.com/chatnoirxx/in/p4hxwt052ok/?lang_id=6 D'autres personnes sont aussi présentes: Oded (Tel Aviv, Israël) Priya (Udaipur, Inde) RajaYogi BK (Udaipur, Inde) Karuna (Udaipur, Inde) Chika Reginald Onyia (Pnompen', Cambodge) ...Qui d'autre? http://eu1.badoo.com/chatnoirxx/in/p4hxwt052ok/?lang_id=6 Les liens ne fonctionnent pas dans ce message? Copie les dans la barre d'adresse de ton navigateur. Tu as reçu cet email suite à un message envoyé par Nganguem Victor de notre système. S'il s'agit d'une erreur, ignore simplement cet email. La requête sera alors effacée du système. Amuse-toi bien ! L'équipe Badoo Courrier automatique de Badoo suite à l'envoi d'un message à ton attention sur Badoo. Les réponses ne sont ni stockées, ni traitées. Si tu ne veux plus recevoir de message de Badoo, fais-le nous savoir: http://eu1.badoo.com/impersonation.phtml?lang_id=6&mail_code=65&email=media…

3 2

Noisy Mediawiki 1.34.4 upgrade
by Jeffrey Walton 04 Dec '21

04 Dec '21

Hi Everyone, During a Mediawiki 1.34.3 to Mediawiki 1.34.4 upgrade... When updating vendor components using 'php -d extension=phar.so composer.phar update': Package wikimedia/password-blacklist is abandoned, you should avoid using it. Use wikimedia/common-passwords instead. Package jakub-onderka/php-parallel-lint is abandoned, you should avoid using it. Use php-parallel-lint/php-parallel-lint instead. Package jakub-onderka/php-console-color is abandoned, you should avoid using it. Use php-parallel-lint/php-console-color instead. Package jakub-onderka/php-console-highlighter is abandoned, you should avoid using it. Use php-parallel-lint/php-console-highlighter instead. Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested. Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested. I don't add things to vendor/, and I did not install packages like password-blacklist or php-parallel-lint. It looks like these are part of a Mediawiki installation. /var/www/html/wiki# find . -name password-blacklist ./vendor/wikimedia/password-blacklist /var/www/html/wiki# find . -name php-parallel-lint ./vendor/jakub-onderka/php-parallel-lint Jeff

5 6

Announcing MediaWiki 1.35.0
by Sam Reed 17 Oct '20

17 Oct '20

I am happy to announce the belated availability of the general release of MediaWiki 1.35! Tarballs have already been uploaded, and the git tag has been pushed. Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below. Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19. MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023. As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020. As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches. Known/outstanding issues: * VisualEditor and Parsoid are now bundled in the tarball and no longer need a separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you. * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite. * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still experimental. It should become stable in a later point release. Please report any issues/bugs [3]. == Security fixes == * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T232568 * https://phabricator.wikimedia.org/T255918 * https://phabricator.wikimedia.org/T256171 * https://phabricator.wikimedia.org/T258763 * https://phabricator.wikimedia.org/T86738 * https://phabricator.wikimedia.org/T115888 * https://phabricator.wikimedia.org/T260485 * https://phabricator.wikimedia.org/T251661 === Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs. Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4035/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-… [3] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz Patch to previous version (1.35.0-rc.3): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.… https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html Release Notes https://www.mediawiki.org/wiki/Release_notes/1.35

6 9

Fwd: Public API for Wikimedia map tiles to be discontinued in 45 days
by Erica Litrenta 06 Oct '20

06 Oct '20

[crosspost from Maps-l] Today the Wikimedia Foundation is announcing the deprecation of the public API for Wikimedia map tiles. Around mid October the Foundation will end support for the Wikimedia Maps Service API [1]. This change affects people using Wikimedia maps on their own website or app. Maps on the Wikimedia sites, in Wikimedia-hosted tools and gadgets, and on maps.wikimedia.org won't be affected. This decision was made based on recent outage incidents, primarily due to spikes in third party usage, along with an analysis showing that more than a third of maps provided are to non-Wikimedia services (including many to for-profit organizations). After the most recent incident [2], the service was limited so that only cached maps tiles would be available. While this protected the servers, it made the service unpredictable and highlighted the unsustainability of our tile service. So, we have made the decision to discontinue the maps APIs for non-Wikimedia users. This change will allow our teams working on Maps to focus on the sustainability of the maps used within Wikimedia projects. You can follow the implementation of this change on Phabricator [3]. Best, Erica Litrenta [1] https://maps.wikimedia.org/osm-intl/ [2] https://wikitech.wikimedia.org/wiki/Incident_documentation/20200204-maps [3] https://phabricator.wikimedia.org/T261424 -- Erica Litrenta Manager, Community Relations Specialists https://meta.wikimedia.org/wiki/User:Elitre_(WMF)

1 2

Seeking ease of updating MediaWiki with extensions
by Even Thorbergsen 29 Sep '20

29 Sep '20

Hallo all, I have been maintaining a number of wiki installations based on MW and extensions (including SMW) for more than a decade. I must admit, I find it increasingly hard to update these installations. The old zips have mostly disappeared, and the once promising Composer is not straightforward to use, nor is GitHub. Composer is even disallowed by some internet providers, for some reason. I would have liked to see a management frontend where you select your choice of extensions, and get the corresponding code and possibly database updated, not having to know technical details, such as the structure of JSON files or other. As the situation is now, I suspect many wiki installations use rather old code versions, which is really a pity. Regards, Even Thorbergsen

2 1

MediaWiki Extensions and Skins Security Release Supplement (1.31.9/1.34.3/1.35.0)
by Scott Bassett 28 Sep '20

28 Sep '20

Greetings- With the security/maintenance release of MediaWiki 1.31.9/1.34.3/1.35.0 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: == MobileFrontend == + (T238075) - Alert group Cookie(s) without HttpOnly flag are set due to default configuration < https://gerrit.wikimedia.org/r/q/I8e84f1cbc8878974532b511cebd9de40c5de55c6 > == MobileFrontend == + (T262213, CVE-2020-26120) - XSS on Pages viewed within MobileFrontend extension < https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea > == CentralAuth == + (T260485, CVE-2020-25869) - CentralAuth uses wrong actor ID when locally suppressing the user < https://gerrit.wikimedia.org/r/q/Iaa886a1824e5a74f4501ca7e28917c780222aac0 > < https://gerrit.wikimedia.org/r/q/I2336954c665366a99f9995df9b08071d4de6db79 > == FileImporter == + (T262628, CVE-2020-26121) - FileImporter imports the file even when the target page is protected on Commons < https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b > The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000… [1] https://phabricator.wikimedia.org/T256342 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs -- Scott Bassett sbassett(a)wikimedia.org

1 0

Mediawiki speed running concept
by Julien Tremblay McLellan 27 Sep '20

27 Sep '20

Hello, I discovered a nifty game for any wiki, which is "wiki speedrunning". Where one measures the time it takes to get from page A to page B. This video has a small blurb about it, and is how I found it by chance, when searching for mediawiki related talks on youtube. https://www.youtube.com/watch?v=GhzmfHTuIJI I thought it neat, and wanted to share with the community at large. -- Regards, Julien Tremblay McLellan Ottawa, Canada Let's talk, just book me here +1-613-618-6699

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

MediaWiki-l September 2020