Anonymous users shouldn't be allowed to create User:* pages
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	Qgil
	Oct 2 2013, 5:28 PM

Description

Currently anonymous users can create new pages under the "User" namespace, which doesn't make any sense.

This is an approach used by spammers, also in installations with some filter in account creation: they just go an create "user pages"anonymously, pasting there their rubbish.

What is the right approach to fix this? [[mw:Manual:$wgNamespaceProtection]] prevent just any edits made by some user group to some namespace. But that might be too restrictive since there might be good reasons for an anonymous users to edit or comment an existing user page. Is there a way to prevent page creation only?

Version: unspecified
Severity: normal

Details

Reference: bz54887

Event Timeline

• bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:34 AM

• bzimport added a project: MediaWiki-Page-protection.

• bzimport set Reference to bz54887.

• bzimport added a subscriber: Unknown Object (MLST).

Qgil created this task.Oct 2 2013, 5:28 PM

We only differentiate between create and createtalk for creation permissions. If you need namespace-specific creation/editing permissions then I suggest looking at one of the numerous extensions that can handle this.

WONTFIX for core?

There are probably extensions that could do that, or it would be a very simple extension to write. Actually, just add something like this in your LocalSettings:

$wgHooks['userCan'][] = function ( &$title, &$user, $action, &$result ) {
if ( ( $action === 'edit' || $action === 'create' )

		&& $title->getNsText() === "User"
		&& !$user->isLoggedIn()

) {

		return false;

}
return true;
}

Anonymous users shouldn't be allowed to create User:* pagesClosed, DeclinedPublicActions

Description

Details

Event Timeline

Anonymous users shouldn't be allowed to create User:* pages
Closed, DeclinedPublic
Actions