For MediaWiki (recent comments | status changes | tags | authors | states | release notes | statistics)
Index: trunk/phase3/includes/SpecialSearch.php =================================================================== --- trunk/phase3/includes/SpecialSearch.php (revision 21820) +++ trunk/phase3/includes/SpecialSearch.php (revision 21821) @@ -320,6 +320,14 @@ $contextchars = $wgUser->getOption( 'contextchars', 50 ); $link = $sk->makeKnownLinkObj( $t ); + + //If page content is not readable, just return the title. + //This is not quite safe, but better than showing excerpts from non-readable pages + //Note that hiding the entry entirely would screw up paging. + if (!$t->userCanRead()) { + return "<li>{$link}</li>\n"; + } + $revision = Revision::newFromTitle( $t ); $text = $revision->getText(); $size = wfMsgExt( 'nbytes', array( 'parsemag', 'escape'),
Please could this be changed from:
return "<li>{$link}</li>\n";
to:
return "<li><Access denied></li>\n";
As it stands atm, users without access rights to the articles in question are shown the article title and a link to it - but with no indication that they can't access it. This just causes problems with users complaining that they can't get to articles shown.
A more sensible patch would be to simply show a message in place of the link - which wouldn't mess up paging.
(This would also eliminate part of the issue reported at Security issues with authorization extensions)
I've created Extension:RemoveProtectedContent which eliminates the above security problem, without affecting pagination.
Note that for per-namescae denying Lockdown will not show the results on forbidden namespaces.
