Page MenuHomePhabricator
Create Task
Maniphest T273687

ProtectSite may grant rights to users they do not otherwise have
Closed, ResolvedPublic
Actions

Description

In the ProtectSite extension, if rights are left unchanged they may be granted by ProtectSite while the effects of other "protection" are implemented.

https://github.com/wikimedia/mediawiki-extensions-ProtectSite/blob/master/includes/ProtectSite.php#L106

For example, if you have edit restricted to anonymous users (hardcoded in LocalSettings.php or elsewhere) and then try to protect the site against page moves, well anonymous users were just granted the right to edit articles.

ProtectSite should only *restrict* actions, never grant. Ideally through the use of a hook rather than trying to override $wgGroupPermissions.

Details

SubjectRepoBranchLines +/-
Never grant rights when protecting the sitemediawiki/extensions/ProtectSitemaster+22 -20
Customize query in gerrit

Related Objects

Event Timeline

Pcj created this task.Feb 2 2021, 10:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2021, 10:11 PM
ashley added projects: ShoutWiki, Uncyclomedia.Feb 2 2021, 10:17 PM
ashley added subscribers: ashley, Isarra, lcawte.
SlyCooperFan1 subscribed.Feb 3 2021, 11:10 AM
Peachey88 edited projects, added MediaWiki-extensions-ProtectSite; removed MediaWiki-extensions-Other.Sep 12 2022, 10:52 AM
SlyCooperFan1 unsubscribed.Sep 12 2022, 2:56 PM
gerritbot added a comment.Sep 24 2022, 3:46 PM

Change 834659 had a related patch set uploaded (by Seb35; author: Seb35):

[mediawiki/extensions/ProtectSite@master] Never grant rights when protecting the site

https://gerrit.wikimedia.org/r/834659

gerritbot added a project: Patch-For-Review.Sep 24 2022, 3:46 PM
Seb35 subscribed.Sep 24 2022, 7:15 PM

I propose the linked patch, adding on each right a preliminary condition ( $wgGroupPermissions[$group][$right] ?? false ) && … to be sure no right can be added but only removed.

Another possible solution would be to use $wgRevokePermissions (doc), but it would remove rights to sysops also.

Also, another solution could be to use PermissionManager::addTemporaryUserRights() (code) to remove rights for this request, but it would be a more risky change since the function is not advertised to remove rights -- I didn’t test it.

The patch currently fails on Jenkins, but it is due to T317499.

gerritbot added a comment.Feb 27 2023, 2:14 AM

Change 834659 merged by jenkins-bot:

[mediawiki/extensions/ProtectSite@master] Never grant rights when protecting the site

https://gerrit.wikimedia.org/r/834659

Seb35 mentioned this in rEPRO385120e2c19a: Never grant rights when protecting the site.Feb 27 2023, 2:17 AM
Maintenance_bot removed a project: Patch-For-Review.Feb 27 2023, 2:30 AM
Seb35 closed this task as Resolved.Feb 27 2023, 10:53 AM
Seb35 claimed this task.

This is now fixed in branch master, so it will in branches REL1_40 and further, and in versions 0.5.4+.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL