@@ -4,13 +4,85 @@ PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
44PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
55PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
66PHP 8.4 workboard: https://phabricator.wikimedia.org/tag/php_8.4_support/
7+ PHP 8.5 workboard: https://phabricator.wikimedia.org/tag/php_8.5_support/
78
89== MediaWiki 1.43.6 ==
910
10- THIS IS NOT A RELEASE YET
11+ This is a security and maintenance release of the MediaWiki 1.43 branch.
1112
1213=== Changes since 1.43.5 ===
1314* Localisation updates.
15+ * (T394396) Revert "SECURITY: Escape rawElement $content".
16+ * (T394059) DeduplicateStyles: Only transform possible style nodes.
17+ * UserGroupManager: Use MainConfigNames::PrivilegedGroups rather than
18+ string literal.
19+ * (T406391) RemexCompatFormatter: Don't encode HTML entities in raw-text
20+ elements.
21+ * (T402438) api: Allow ApiResult to override imagerepository key in
22+ prop=imageinfo.
23+ * ParserOutput: Add default values for JSON deserialization.
24+ * (T355853, T407172) Make the login and signup forms wider.
25+ * (T292868) Forward-compatibility: allow output flags to be serialized in
26+ `OutputFlags`.
27+ * ResourceLoader: Update cssjanus/cssjanus to wikimedia/cssjanus.
28+ * (T85085) Improve CSS checking in SVG filter.
29+ * (T405064) Fix the premature loop exit in Parser.cleanUpTocLine.
30+ * (T407289) i18n: deprecate double-underscore magic words which don't start/end
31+ with __.
32+ * i18n: all behavior switches should start/end with __ (part 2).
33+ * (T407289) i18n: Remove deprecated behavior switches without underscores in
34+ et/sh-latn/vep.
35+ * (T407770) Add symfony/polyfill-php84 and symfony/polyfill-php85.
36+ * maintenance/getConfiguration.php: Fix null warning and serialize error.
37+ * (T328605) ApiParse: Introduce prop=tocdata as replacement for prop=sections.
38+ * (T406283) ApiSandbox: Use POST when we have long URL.
39+ * (T401987, T401995, CVE-2025-67484) SECURITY: Disable xslt option by default.
40+ * (T410913) SpecialVersion: Fix "Cannot use bool as array" warning.
41+ * (T410928) resourceloader: Fix null offset in ClientHtml module sorting.
42+ * (T410934) Remove noop xml_parser_free() calls.
43+ * (T410920) Language: Prevent passing '' to ord() in ucfirst().
44+ * (T410912) Language: Fix "ord(): Providing a string that is not one byte long
45+ is deprecated."
46+ * (T410912) MessageCache: Fix "ord(): Providing a string that is not one byte
47+ long is deprecated."
48+ * (T410920) Language: Prevent passing '' to ord() in lcfirst().
49+ * (T410963) Upgrade wikimedia/xmp-reader from 0.9.4 to 0.10.2.
50+ * (T411016) Upgrading wikimedia/cldr-plural-rule-parser (v2.0.0 => v3.0.0).
51+ * (T411075) Api: Initialise reference variable.
52+ * (T411018) IndexPager: Set '' as default value for 'order'.
53+ * (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in
54+ formatNumInternal.
55+ * (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in
56+ parseFormattedNumber.
57+ * (T338103, T411214) ApiResult: Fix "ord(): Providing a string that is not one
58+ byte long is deprecated."
59+ * (T356544) Replace uses of Xml::fieldset(), deprecated since 1.42.
60+ * (T393790) htmlform: Fix rendering contents for cloner fields.
61+ * (T391882) HTMLFormFieldCloner: Fix multiple bugs related to conditional
62+ states.
63+ * (T406374) htmlform: Load ooui before infusing field cloner buttons.
64+ * (T411199) initEditCount: Fix count for users with no edits.
65+ * (T411827) SpecialPageFactory: Handle resolveAlias() returning null in
66+ getPage() and exists().
67+ * (T411968) Installer: Do not use null as array offset.
68+ * Add support for HTTP/3 in MultiHttpClient.
69+ * (T295568) mediawiki.jqueryMsg: Support self-closing HTML tags.
70+ * (T411968) EditResultBuilder: Do not use null as array offset.
71+ * Add http/3 to runMulti in MultiHttpClient
72+ * (T406639, CVE-2025-67477) SECURITY: Escape word-separator message in
73+ Special:ApiSandbox.
74+ * (T406664, CVE-2025-67475) SECURITY: Escape square brackets in autocomment
75+ links.
76+ * (T385403, CVE-2025-67478) SECURITY: Always escape commas in mail
77+ encoded-words.
78+ * (T407131, CVE-2025-67479) SECURITY: Sanitizer: disallow underscore and wide
79+ underscore in data-* attribute names.
80+ * (T401053, CVE-2025-67480) SECURITY: Check read permissions in
81+ ApiQueryRevisionsBase.
82+ * (T409226, CVE-2025-67483) SECURITY: mediawiki.page.preview: Escape
83+ 'comma-separator' between multiple protection levels.
84+ * (T251032, CVE-2025-67481) SECURITY: Disallow 'style' attribute in client-side
85+ messages (jqueryMsg).
1486
1587== MediaWiki 1.43.5 ==
1688
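Review bot: The entry at new line 15, (T394396) Revert "SECURITY: Escape rawElement $content", tells administrators that a security escape was backed out but not whether the original issue is still mitigated some other way. Add a short clause saying what covers it now, or that the escaping was found unnecessary, so the line is not read as a regression. The CVE-2025-67484 entry at new line 39 sits among the maintenance items while the other seven SECURITY entries are grouped at new lines 72-85; moving it down with them makes the security set easier to scan. Since that entry changes a default ("Disable xslt option by default"), it should also name the affected configuration setting so operators who depend on it know what to review. New lines 68 and 71 read as two entries for the same HTTP/3 work in MultiHttpClient, and the second lacks the trailing period and uses a different capitalisation ("http/3"); merge them or make them consistent.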