Page MenuHomePhabricator
Create Task
Maniphest T109463

check for public wiki
Open, Needs TriagePublic
Actions

Description

img_auth.php only checks access rights only in non public wikis. the check for public wikis is done by

$publicWiki = in_array( 'read', User::getGroupPermissions( array( '*' ) ), true );

It seems to me that this check does not completely address the conditions NSFileRepo and Lockdown address. Using them it is well possible to have a read access for everyone that is afterwards being reduced by additional restrictions by Lockdown. So it seems to me that this check for public wikis should be changed.

This is ultimately an issue for mediawiki itself but we could make some suggestion from the standpoint of these extensions.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL