Page MenuHomePhabricator
Create Task
Maniphest T5605

wgWhitelistEdit
Closed, ResolvedPublic
Actions

Description

Author: r.carter

Description:
It appears that the wgWhitelistEdit directive fails to have any effect in
MediaWiki 1.4.10.

I have tracked the problem to EditPage.php

Lines: 55

		if ( !$wgUser->getID() && $wgWhitelistEdit ) {
			$this->userNotLoggedInPage();
			return;

Lines: 206

			if ( !$wgUser->getID() && $wgWhitelistEdit ) {
				$this->userNotLoggedInPage();
				return;

It seems that the boolean should use || rather than && to have the desired
effect. I have modified my version of the scipt and it seems to work. Prior to
this I could edit regardless of whether I was logged in or not.

Running on Red Hat Linux.

MediaWiki (http://wikipedia.sf.net/): 1.4.10 
PHP (http://www.php.net/): 4.3.9 (apache) 
MySQL (http://www.mysql.com/): 4.0.23a-log

Version: 1.4.x
Severity: normal
OS: Linux
Platform: Macintosh

Details

Reference
bz3605

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 8:51 PM
bzimport added a project: MediaWiki-Page-editing.
bzimport set Reference to bz3605.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Oct 4 2005, 11:33 PM
brion added a comment.Oct 4 2005, 11:40 PM

Those lines look correct; using || would be incorrect.

Here's the truth matrix:

Is anon, whitelist off: can edit
Not anon, whitelist off: can edit
Is anon, whitelist on: can't edit -> show 'not logged in' page
Not anon, whitelist on: can edit

As you can see this is a boolean 'and' operation.

Can you detail the exact settings you tried and exactly what you tried that "fails to
have any effect"?

bzimport added a comment.Oct 5 2005, 12:03 AM

r.carter wrote:

Here is the modified lines from my LocalSettings file:

-------------- Manual changes ----------------

$wgDisableAnonTalk = true;
$wgDisableUploads = false; # Uploads have to be specially set up to be secure
$wgCheckCopyrightUpload = true;
$wgRawHtml = true;
$wgUserHtml = true;

See the implimentation of this class for hooks to UoA LDAP

require_once(
'/afs/.ec.auckland.ac.nz/service/www/www.cs/administration/handbook/2006/includes/AuthPlugin.php'
);
$wgAuth = new AuthPlugin();
$wgWhitelistEdit = true; # true = user must login to edit.

-------------- End manual changes ----------------

I'm also running a MediaWiki 1.4.4 on another web site and the WhiteList
function works ok on that one. When I grep for the wgWhitelistEdit on both
versions I get the same code.

I've also checked for global scope but that seems ok.

Could SpecialSitesettings.php have any effect? It seems to be disconnected at
present.

brion added a comment.Oct 5 2005, 12:14 AM

I tried pasting the above settings into my 1.4 test wiki's configuration,
replacing the require_once for your authentication plugin with a reference
to the built-in includes/AuthPlugin.php.

It appears to work as expected: trying to edit a page when not logged in,
I receive the 'Login required to edit' prompt.

Can you try it without the custom auth plugin? Also check that your plugin
works correctly; you seem to be creating an instance of the base AuthPlugin
class. Is that your intention?

bzimport added a comment.Oct 5 2005, 12:20 AM

r.carter wrote:

With the new instance of the AuthClass removed the wiki behaves as expected.
Thank you for your help.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL