Extension:RemoveProtectedContent

What can this extension do?
This extension eliminates the issues listed on Security issues with authorization extensions for "userCan" hook based access control extensions.

Specifically, it removes protected articles from lists (e.g. recentchanges, search results, new articles), and prevents unauthorised users from gaining access to protected content by transcluding it.

This extension should be used in conjunction with a separate access control extension (e.g. Extension:PermissionACL)

Usage
Install and configure a userCan (e.g. Extension:PermissionACL). You'll notice that the access control system doesn't prevent protected content from being listed and linked to, or transcluded in other articles.

Carry out the instructions below to fix this.

Download instructions
Download using the link in the (top right) infobox above

Installation
Extract the ZIP file contents into your MediaWiki directory.

Run:

patch -p0 < patch_CategoryPage.diff patch -p0 < patch_ChangesList.diff patch -p0 < patch_Parser.diff patch -p0 < patch_SpecialAllpages.diff patch -p0 < patch_SpecialNewpages.diff patch -p0 < patch_SpecialRecentchanges.diff patch -p0 < patch_SpecialSearch.diff patch -p0 < patch_SpecialWhatlinkshere.diff

(Note: Most Unix/Linux systems should come with patch, for MS Windows, you can use a copy from the GNU utilities for Win32)

This should patch the following files:


 * includes\CategoryPage.php
 * includes\ChangesList.php
 * includes\parser\Parser.php
 * includes\specials\SpecialAllpages.php
 * includes\specials\SpecialNewpages.php
 * includes\specials\SpecialRecentchanges.php
 * includes\specials\SpecialSearch.php
 * includes\specials\SpecialWhatlinkshere.php

Configuration parameters
To configure this extension, $wgShowNonPermittedAs must be set in.

To simply remove protected articles from all lists (e.g. recent changes, search results) and transclusion, set to an empty string (Note: This can paginated lists - you may find nothing on the first page, and entries on the second, etc):

To display "" or some other fixed text whereever protected content (or an article link in a list) would otherwise be displayed, set to the string to be displayed:

To display one of the standard MediaWiki messages whereever protected content (or an article link in a list) would otherwise be displayed, set to the string to be displayed: