Extension:NoBogusUserpages
From MediaWiki.org
 Release status: beta |
|
|---|---|
| Implementation | User rights |
| Description | Allows for restriction of creation of bogus userpages to privileged users only. |
| Author(s) | Dantman Talk |
| Version | 1.0 |
| MediaWiki | 1.6 to 1.11, 1.12a(>=r26568) (See warning) |
| License | GPL |
| Download | On this page |
| Added rights | createbogususerpage |
| Hooks used | userCan |
Contents |
[edit] What can this extension do?
Allows for restriction of creation of bogus userpages to privileged users only.
If you are using MediaWiki 1.12 or newer, it will also display a proper access error instead of a generic error.
[edit] Download instructions
Please cut and paste the code found below to the locations specified by the section names.
[edit] Installation
To install this extension, add the following to LocalSettings.php:
require_once( "extensions/NoBogusUserpages/NoBogusUserpages.php" );
[edit] Alpha Warning
The getUserPermissionsErrors hook was added in MediaWiki 1.12a (r26568), before then userCan is the hook to use.
We use version testing to tell us if we are inside of MediaWiki 1.12a or are in a version previous to 1.12. Unfortunately, this does not tell us if the wiki is running the alpha revision which has the new hook. And because of this, if you are running MediaWiki 1.12a, but you are running a version before r26568, this extension could actually be a security flaw. Meaning, it is possible that in MediaWiki 1.12a, before r26568 the extension will allow any user to create a userpage for a bogus user, even if you disallow page creation for them in general. (So even an anon who is not allowed to create any pages, but can edit, will be able to create bogus userpages as a result of this)
If you are running MediaWiki 1.12, please upgrade to r26568 or newer, apply r26568 as a patch to your code. Or hack the extension to only use the 'userCan' and false values in the code.
[edit] User rights
- createbogususerpage
- Allows users to create bogus userpages. By default this is given just to sysops.
$wgGroupPermissions['*' ]['createbogususerpage'] = false; $wgGroupPermissions['sysop']['createbogususerpage'] = true;
[edit] Code
[edit] extensions/NoBogusUserpages/NoBogusUserpages.php
<?php /** * NoBogusUserpages * @package NoBogusUserpages * @author Daniel Friesen (http://www.wikia.com/wiki/User:Dantman) <dan_the_man@telus.net> * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ if( !defined( 'MEDIAWIKI' ) ) die( "This is an extension to the MediaWiki package and cannot be run standalone." ); $wgExtensionCredits['other'][] = array ( "name" => "NoBogusUserpages", "url" => "http://www.mediawiki.com/wiki/Extension:NoBogusUserpages", "author" => "[http://www.mediawiki.com/wiki/User:Dantman Daniel Friesen] [mailto:Daniel%20Friesen%20%3Cdan_the_man@telus.net%3E <dan_the_man@telus.net>]", "description" => "Restricts creation of userpages for which a user does not exist by those without rights to do so." ); $wgAvailableRights[] = 'createbogususerpage'; $wgGroupPermissions['*' ]['createbogususerpage'] = false; $wgGroupPermissions['sysop']['createbogususerpage'] = true; require_once( dirname(__FILE__).'/NoBogusUserpages.body.php' ); $wgExtensionFunctions[] = 'efNoBogusUserpagesSetup'; function efNoBogusUserpagesSetup() { global $wgMessageCache, $wgVersion; require_once( dirname(__FILE__).'/NoBogusUserpages.i18n.php' ); $wgMessageCache->addMessagesByLang($messages); // Anything older than 1.6 wont' work. wfUseMW( '1.6' ); if( version_compare( $wgVersion, '1.12a', '<' ) ) // We are in pre 1.12, use the old hook. $wgHooks['userCan'][] = 'efNoBogusUserpagesUserCan'; else // We are in 1.12, use the new hook which allows for a custom message. $wgHooks['getUserPermissionsErrors'][] = 'efNoBogusUserpagesUserCan'; }
[edit] extensions/NoBogusUserpages/NoBogusUserpages.body.php
<?php /** * NoBogusUserpages * @package NoBogusUserpages * @author Daniel Friesen (http://www.wikia.com/wiki/User:Dantman) <dan_the_man@telus.net> * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ if( !defined( 'MEDIAWIKI' ) ) die( "This is an extension to the MediaWiki package and cannot be run standalone." ); function efNoBogusUserpagesUserCan( $title, $user, $action, $result ) { global $wgVersion; // If we're not in the user namespace, // or we're not trying to edit, // or the page already exists, // or we are allowed to create bogus userpages // then just let MediaWiki continue. if( $title->getNamespace() != NS_USER || $action != 'create' || $user->isAllowed('createbogususerpage') ) return true; $userTitle = explode( '/', $title->getText(), 2 ); $userName = $userTitle[0]; // Don't block the creation of IP userpages if the page is for a IPv4 or IPv6 page. if( User::isIP($userName) || User::isIPv6($userName) ) return true; // Check if the user exists, if it says the user is anon, // but we know we're not on an ip page, then the user does not exist. // And therefore, we block creation. $user = User::newFromName( $userName ); if( $user->isAnon() ) { // Output a value proper for the version of MW we're on. $result = version_compare( $wgVersion, '1.12a', '<' ) ? false : 'badaccess-bogususerpage'; return false; } return true; }
[edit] extensions/NoBogusUserpages/NoBogusUserpages.i18n.php
<?php /** * NoBogusUserpages * @package NoBogusUserpages * @author Daniel Friesen (http://www.wikia.com/wiki/User:Dantman) <dan_the_man@telus.net> * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ if( !defined( 'MEDIAWIKI' ) ) die( "This is an extension to the MediaWiki package and cannot be run standalone." ); $messages = array( 'en' => array( 'badaccess-bogususerpage' => 'The user this userpage is meant for does not exist. You do not have the rights to be able to create a bogus userpage.' ) );
