Extension:NoBogusUserpages
 Release status: stable |
|||
|---|---|---|---|
| Implementation | User rights | ||
| Description | Restriction that allows only privileged users to create userpages for non-existent users. | ||
| Author(s) | DantmanTalk | ||
| Last version | 1.0 | ||
| MediaWiki | 1.6 to 1.11, 1.12a(>=r26568) (See warning), 1.13+ | ||
| License | GPL | ||
| Download | Download snapshot Subversion [Help] |
||
|
|||
|
|||
|
Check usage (experimental) |
|||
This extension implements a restriction that allows only privileged users to create userpages for non-existent users. With this extension installed, new page creation at the root level of the User: namespace is blocked unless the creator's username is the same as the desired page name or the user has been assigned the createbogususerpage right (see user rights below for how to do that). Without this extension, anyone with the right to create pages in the user namespace can create bogus pages for users who do not exist on the wiki.
[edit] Installation
Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
- Download a snapshot. Choose the version that matches your version of MediaWiki. Create a directory
NoBogusUserpagesin your$IP/extensionsdirectory. Extract the files to this$IP/extensions/NoBogusUserpagesdirectory. - Add
to the bottom of LocalSettings.php.require_once( "$IP/extensions/NoBogusUserpages/NoBogusUserpages.php" );
- Installation can now be verified through Special:Version of your wiki.
[edit] User rights
- createbogususerpage
- Allows users to create bogus userpages. By default this is given just to sysops.
$wgGroupPermissions['*' ]['createbogususerpage'] = false; $wgGroupPermissions['sysop']['createbogususerpage'] = true;
[edit] Alpha Warning
| MediaWiki version: | 1.12 |
The getUserPermissionsErrors hook was added in MediaWiki 1.12a (r26568), before then userCan is the hook to use.
We use version testing to tell us if we are inside of MediaWiki 1.12a or are in a version previous to 1.12. Unfortunately, this does not tell us if the wiki is running the alpha revision which has the new hook. And because of this, if you are running MediaWiki 1.12a, but you are running a version before r26568, this extension could actually be a security flaw. Meaning, it is possible that in MediaWiki 1.12a, before r26568 the extension will allow any user to create a userpage for a bogus user, even if you disallow page creation for them in general. (So even an anon who is not allowed to create any pages, but can edit, will be able to create bogus userpages as a result of this)
If you are running MediaWiki 1.12, please upgrade to r26568 or newer, apply r26568 as a patch to your code. Or hack the extension to only use the 'userCan' and false values in the code.
