MediaWiki r21821 - Code Review

Jump to: navigation, search
Repository:MediaWiki
Revision:r21820‎ | r21821 (on ViewVC)‎ | r21822 >
Date:12:44, 3 May 2007
Author:daniel
Status:old (Comments)
Tags:
Comment:
don't show excerpts from non-readable articles
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/SpecialSearch.php
@@ -320,6 +320,14 @@
321321 $contextchars = $wgUser->getOption( 'contextchars', 50 );
322322
323323 $link = $sk->makeKnownLinkObj( $t );
 324+
 325+ //If page content is not readable, just return the title.
 326+ //This is not quite safe, but better than showing excerpts from non-readable pages
 327+ //Note that hiding the entry entirely would screw up paging.
 328+ if (!$t->userCanRead()) {
 329+ return "<li>{$link}</li>\n";
 330+ }
 331+
324332 $revision = Revision::newFromTitle( $t );
325333 $text = $revision->getText();
326334 $size = wfMsgExt( 'nbytes', array( 'parsemag', 'escape'),

Comments

#Comment by Thisisme (talk | contribs)   14:02, 8 June 2010

Please could this be changed from: 

  return "<li>{$link}</li>\n";

to: 

  return "<li><Access denied></li>\n";

As it stands atm, users without access rights to the articles in question are shown the article title and a link to it - but with no indication that they can't access it. This just causes problems with users complaining that they can't get to articles shown.

A more sensible patch would be to simply show a message in place of the link - which wouldn't mess up paging.


#Comment by Thisisme (talk | contribs)   14:05, 8 June 2010

(This would also eliminate part of the issue reported at Security issues with authorization extensions)

#Comment by Thisisme (talk | contribs)   13:09, 11 June 2010

I've created Extension:RemoveProtectedContent which eliminates the above security problem, without affecting pagination.

#Comment by Platonides (talk | contribs)   13:37, 11 June 2010

Note that for per-namescae denying Lockdown will not show the results on forbidden namespaces.

Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/21821"