Extension talk:Prefix Security

Where is the download link ? I am very much interested in this work. Jean-Lou Dupont 14:07, 9 February 2007 (UTC)

Try now. I was editing site till now.

Bug Report: Removal Glitches
For some reason, attempting to remove a user from a group results in a "the special page doesn't exist" error.
 * Hi, i have the same pb of "Special page doesn't exist". i use MW 1.9.3 and PHP 5 --Ouaibsky 12:02, 13 April 2007 (UTC)

In addition, removal of a Prefix leaves pages with that prefix labeled as being protected by it.

--Dataweaver 01:08, 13 April 2007 (UTC)

Creation-Rights
It would be useful, if there would not only be read/write-rights, but als create. E.g. on several pages which i would like to protect with Prefix, I want every people to write. But new articles with a defined prefix should only be created by a smaller list of users. --Xwolf 09:32, 16 May 2007 (UTC)

ERROR 1146: "Napaka zbirke podatkov"
When opening special page Groups Administration for the first time (to make installation) I get an error »1146: Table 'wikidb.user_groups' doesn't exist (localhost)«.

My settings:

$wgDBserver        = "localhost";

$wgDBname          = "wikidb";

Its trou I don't have the table user_groups. How to make one?

I think installation of extension didn't work at all.

Solution: Those 4 files you have to put directly in map /extensions. My mistake was, that I put them in map /extensions/Prefix Security.

Installation instructions incorrect?
We're using: MediaWiki: 1.7.1 PHP: 5.0.5-3 (apache2handler) MySQL: 4.0.24_Debian-10sarge2-log

The installation instructions (readme) say:

Then edit your LocalSettings.php file and add the following lines: require_once( 'extensions/GroupsAdministration.php' ); require_once( 'extensions/PrefixAdministration.php' ); $wgWhitelistRead = array ( "username1", "username2" );

However, that didn't work--I (a sysop) couldn't access the Group or Prefix special pages. Our system admin says:


 * After reviewing the php code, I end up adding this:

$wgGroupPermissions['logged']['prefixAdministration'] = array ( 'user1' );
 * in the LocalSettings.php file instead of

$wgWhitelistRead = array ( 'user1' );
 * to give us access to these special pages.

Elf 04:08, 9 June 2007 (UTC)

Prefix security doesn't seem to work
(See above for what versions we're using.)

I added a group and a prefix ("Xyz" or "xyz", doesn't matter). The group has only me in it. I gave one user (myself) and the new group read/edit access to the prefix and everyone else read-only access. But still anyone can edit the pages ("Xyz test", "Xyz: test"). I don't know what we're doing wrong. Can someone help?
 * Elf 00:20, 9 June 2007 (UTC)

Security glitch
The GroupAdministration, although it's supposed to be for sysops, displays Bureaucrats as a valid group, and, as a sysop, I successfully added myself to the Bureaucrat group. Should it do this? Is there a way to prevent this? Thanks again. (Just my day for asking questions.) Elf 01:19, 9 June 2007 (UTC)

Info displayed in Special:Versions is out of date
(See above for versions we're using.) When displaying Special:Version, we get these links for these extensions:


 * Groups Administration
 * PrefixAdministration

Which no longer exist; they shd be pointing here to Mediawiki. Elf 21:41, 12 June 2007 (UTC)

Issue with PageRestrictionHooks.php
Whenever I add  to LocalSettings.php, my wiki becomes unreachable. Is there something wrong with the code online for that file that is causing the issue? Sean Et Cetera 16:52, 12 July 2007 (UTC)
 * I think I found the problem.   does not have a closing }, and I think that's what kept killing it for me.  That, and   appeared to have the same problem. Sean Et Cetera 19:26, 12 July 2007 (UTC)

SQL Injection
After enabling this extension a nessus scan of the server showed it as vunrable to SQL injection. Has anyone else seem this?

The following URLs seem to be vulnerable to various SQL injection techniques :

/index.php?-=&title='UNION'&section=1&printable=yes&action=edit /index.php?-=&title='&section=1&printable=yes&action=edit /index.php?-=&title='%22&section=1&printable=yes&action=edit /index.php?-=&title='bad_bad_value&section=1&printable=yes&action=edit /index.php?-=&title=bad_bad_value'&section=1&printable=yes&action=edit /index.php?-=&title='WHERE&section=1&printable=yes&action=edit /index.php?-=&title='OR&section=1&printable=yes&action=edit /index.php?-=&title=' or 1=1-- &section=1&printable=yes&action=edit /index.php?-=&title=' or 'a'='a&section=1&printable=yes&action=edit /index.php?-=&title=') or ('a'='a&section=1&printable=yes&action=edit /index.php?-=&title=%27&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1)&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1))&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1#&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1)#&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1))#&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1/*&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1)/*&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1))/*&section=1&printable=yes&action=edit /index.php?-=&title='+convert(int,convert(varchar,0x7b5d))+'&section=1&printable=yes&action=edit /index.php?-=&title='+convert(varchar,0x7b5d)+'&section=1&printable=yes&action=edit /index.php?-=&title='%2Bconvert(int,convert(varchar%2C0x7b5d))%2B'&section=1&printable=yes&action=edit /index.php?-=&title='%2Bconvert(varchar%2C0x7b5d)%2B'&section=1&printable=yes&action=edit

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Error when loading PageRestrictionHooks.php
Detected bug in an extension! Hook DescribeRestrictionsHook failed to return a value; should return true to continue hook processing or false to abort.

Backtrace:


 * 1) 0 /wiki/includes/Parser.php(386): wfRunHooks('ParserAfterTidy', Array)
 * 2) 1 /wiki/includes/Article.php(3017): Parser->parse('The iTunes Stor...', Object(Title), Object(ParserOptions), true, true, 6212)
 * 3) 2 /wiki/includes/Article.php(831): Article->outputWikiText('The iTunes Stor...')
 * 4) 3 /wiki/includes/Wiki.php(383): Article->view
 * 5) 4 /wiki/includes/Wiki.php(48): MediaWiki->performAction(Object(OutputPage), Object(Article), Object(Title), Object(User), Object(WebRequest))
 * 6) 5 /wiki/index.php(89): MediaWiki->initialize(Object(Title), Object(OutputPage), Object(User), Object(WebRequest))
 * 7) 6 {main}

help ?

--Airplanenoise 21:13, 16 November 2007 (UTC)