Extension talk:WhiteList

Please document the effects of checking and not checking the box in the Modify/All/None column. Svanslyck 23:02, 9 February 2008 (UTC)
 * Thanks for the suggestion. I added a much more detailed usage description on the main page. Hopefully this will clarify the usage. --Gri6507 03:28, 10 February 2008 (UTC)

Possible to use wildcard statements for namespace access?
I like the control and thoroughness of this extension, but am afraid that once my wiki has more than a few hundred pages, it will become difficult to manage permissions. Would it be possible to add wildcard statements in the whitelist over-ride, like ...

$wgWhitelistOverride['always']['read'] = array(     "Project:*",       # grants everybody permission to see all pages in the Project namespace

Another feature would be to allow a working group to generate new content without a "manager" being present to grant each member of the workgroup access to each new page (effectively having to create new pages for the workgroup and then manage access to individual pages). A solution might be something like pseudo namespaces with wildcards. A workgroup leader could request that users x, y, and z could have permissions to new pseudo namespace "Foo". Then a manager could grant those users permissions using the whitelist access editor with "Foo:*"

This method would rely on new pages intended to be in a group of pages actually including the prefix. CWinDC 16:18, 23 February 2008 (UTC)


 * Thank you for the feedback. We are actually already working on the wildcard whitelist access. The next release version will have this support in it. I expect the next release to be sometime within a week. --Gri6507 17:56, 23 February 2008 (UTC)
 * Well, it's about a week late, but today, we released the new version of the extension which can handle wildcard entries. --Gri6507 19:12, 10 March 2008 (UTC)

How secure is this?
How well does this extension fare under http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions ? Are there ways to work around the whitelist?
 * You are correct to be concerned. That is why the top of the extension page has a rather lengthy disclaimer with a link to the same page you are referring to here :-). To see how well this extension fairs compared to other controlled access extensions, you can take a look at this listing (note, not everything that is listed in red is actually a bad thing).


 * The only additional comment I can make is that the developers (I am one of them) have taken every precaution to make this as bullet proof as possible. Based on our own testing, we have not found a way to bypass this extension yet. However, if you start poking into it, you may still find some holes which we will be glad to fix. The only other thing I can say, for whatever it's worth, is that this extension has been deemed secure enough for our internal company use. --Gri6507 00:03, 28 February 2008 (UTC)


 * I've added a Security Issues section which details security issues you might encounter. Note that you will need to make some changes to your MediaWiki config to make this extension effective, as described on that page. --Msul01 14:20, 28 February 2008 (UTC)

Dynamic Navigation Bars
''Verify that your MediaWiki:Common.css and MediaWiki:Common.js pages contain a section on Dynamic Navigation Bars. If they do not, or if those pages simply do not exist, then copy the pages from Wikipedia MediaWiki:Common.css and MediaWiki:Common.js.''
 * Huh? Not even the MediaWiki:Common.css has a section about Dynamic Navigation Bars currently. Also, I think we should suggest just copying that section, rather than the entire page. That can get too big, and there's a lot of extraneous extensions that are not installed on smaller Wikis. --Liface 12:18, 7 April 2008 (UTC)

Error
I'm getting an error: Fatal error: Class 'SpecialUserStats' not found in C:\wamp\www\sicherheitselektronik\extensions\WhiteList\SpecialWhitelistEdit_body.php on line 428

I suppose this is because I didn't install GNUplot or Extension:UsageStatistics, however I don't want the calendar functionality enabled. How do I comment this out or disable it? --Liface 13:36, 7 April 2008 (UTC)
 * You are correct. This is because you did not install the UsageStatistics extension. Right now, there is no easy way to remove this dependency shy of changing the extension code. However, I will make this configurable in the next version of the extension. Please stay tuned for updates. --Gri6507 13:58, 7 April 2008 (UTC)
 * Ah, okay, I misunderstood the installation instructions. I installed UsageStatistics, but I still have this bug (which was present before): http://img150.imageshack.us/img150/1786/screenshotzl4.png. It seems to be just taking the text in the database instead of converting it into any meaningful format. Any ideas? --Liface 11:14, 8 April 2008 (UTC)
 * I wouldn't quite call it a bug; just a lack of functionality :-). The problem is that it doesn't appear that there are i18n translations available for your locale. What locale is your account set for? Take a look at SpecialWhitelistEdit.i18n.php to see which translations are already available. My guess is that this extension is still missing the translations for your locale. You are very welcome to create the translation yourself. It is very easy - simply follow the format you see in the file. When you have it finished, please post it here and I will submit it to SVN. --Gri6507 12:35, 8 April 2008 (UTC)
 * The requirement for the UsageStatistics extension has been made optional as of v0.8.6 --Gri6507 13:01, 14 April 2008 (UTC)

Error with Phrases in MediaWiki 1.12
I had a problem that non of the phrases showed up. I just got the <...> crap.

I tracked it down to this.

Error
In file includes/MessageCache.php, Line 712 and 713 use the variable '$messages'. This '$messages' varbible is pulled from the i18n file. The i18n file for this hack though uses the varible '$allMessages' and not '$messages' as it seems MediaWiki wants you to.

Fix
Open file SpecialWhitelistEdit.i18n.php and SpecialWhitelistEdit_body.php and replace all instances of '$allMessages' with '$messages'.

Blank page after activation of extension in LocalSettings.php
I followed the instructions like described, but I only got a blank page... After debugging I could find out, that you must give attention to exact file name. So the files downloaded from WhiteList SVN can be found in extension directory! :)
 * require_once( "$IP/extensions/WhiteList/SpecialWhiteListEdit.php" ); <- wrong, because of UPPER 'L' in WhiteList
 * require_once( "$IP/extensions/WhiteList/SpecialWhitelistEdit.php" ); <- correct, with LOWER 'l' in Whitelist

--Topf 15:35, 17 May 2008 (UTC)
 * You are absolutely correct. Thank you for finding this. I'm surprised no one else has pointed this typo out so far :-) --Gri6507 18:44, 17 May 2008 (UTC)

Errors on WhiteList Special Page
In the file  are some bugs...
 * i.e. in lines 504, 505 and further (use search and replace)
 * must be  , same with parameter 'title'
 * Actually the  syntax is perfecty legal. In PHP, the keys to arrays can be either integers or strings. By putting quotes around ns, you are forcing the key to be a string. Without the quotes, PHP interprets ns as a constant with some internally defined value. Depending on how strict you have your PHP error_reporting set, you may or may not get a warning saying that the constant ns is undefined and is internally defined the value of 'ns' . --Gri6507 18:58, 17 May 2008 (UTC)
 * I reinstalled original file  and when I call Special:WhiteList I get 75 notices (by PHP) (11x at Special:WhiteListEdit):  Following lines are affected: 504, 505, 512, 513, 540, 541. Nevertheless the rest of the page will be displayed. btw: I use MW 1.10.1 --Topf 23:17, 17 May 2008 (UTC)
 * I just checked my error_reporting - and you were right... I forgot to reset it. So there are no notices in "normal" mode. Maybe you should remove this part "Errors on WhiteList Special Page" to do not confuse some users. ;) --Topf 00:07, 18 May 2008 (UTC)
 * I fixed this in v0.9.0 so that there should no longer be any warnings. --Gri6507 19:46, 20 May 2008 (UTC)

--Topf 16:04, 17 May 2008 (UTC)
 * give attention in line 535: don't modify this $sql string
 * I'm not sure what you mean by this. Can you please clarify what you think is the problem? --Gri6507 18:58, 17 May 2008 (UTC)
 * I meant not to change [ns] to ['ns'] in this line, because it would end in an error. ;) --Topf 23:17, 17 May 2008 (UTC)

Problem
If I want to change a user's whitelist, there appears an emtpy DropDownList entry (on page WhitelistEdit).

Reason
The user didn't enter a real name in its user settings.

Solution
--Topf 23:27, 17 May 2008 (UTC)
 * The user should enter a real name. ;)
 * maybe better: The extension should choose user name instead of real name. What happens, if two users have the same real name??


 * As of v0.9.0, I have updated the code to default to the Username if the UserRealName is not entered. Since the array is indexed by user IDs, it is possible to have two entries with the same realname. Unfortunately, there isn't much that can be done about that shy of forcing people to enter a unique real name. The only viable alternative is to display usernames which is not preferred in a workplace environment where everybody is known by their names and not their usernames. --Gri6507 19:49, 20 May 2008 (UTC)