Security Flaw
Fragment of a discussion from Extension talk:Lockdown
This also applies to inclusion {{:Page}} of redirects #REDIRECT:[[Protected:Page]].
TiCPU 13:30, 3 August 2011 (UTC)
For myself I fixed it using:
diff -udpr includes//parser/Parser.php /root/mediawiki/mediawiki-1.16.4/includes/parser/Parser.php
--- includes//parser/Parser.php 2011-08-03 09:43:32.000000000 -0400
+++ /root/mediawiki/mediawiki-1.16.4/includes/parser/Parser.php 2010-05-11 22:12:12.000000000 -0400
@@ -3154,7 +3154,7 @@ class Parser
$deps = array();
// Loop to fetch the article, with up to 1 redirect
- for ( $i = 0; $i < 1 && is_object( $title ); $i++ ) {
+ for ( $i = 0; $i < 2 && is_object( $title ); $i++ ) {
# Give extensions a chance to select the revision instead
$id = false; // Assume current
wfRunHooks( 'BeforeParserFetchTemplateAndtitle', array( $parser, &$title, &$skip, &$id ) );
Almost the same as removing the loop, Mediawiki won't fetch redirect in inclusion now.
My configuration is MW 1.17 with LdapAuthentication 1.2d.
I have restricted access to a page by moving it in a NS_protected namespace.
My lockdown configuration is : $wgNamespacePermissionLockdown[NS_protected]['read'] = array('mygroup');
This work fine but not with page inclusion {{:NS_protected:Page}} or redirection #REDIRECT:[[NS_protected:Page]].
I have tried to patch Parser.php like TiCPU but still have the problem.
