Extension talk:WhiteList

Modify/All/None
Please document the effects of checking and not checking the box in the Modify/All/None column. Svanslyck 23:02, 9 February 2008 (UTC)
 * Thanks for the suggestion. I added a much more detailed usage description on the main page. Hopefully this will clarify the usage. --Gri6507 03:28, 10 February 2008 (UTC)

Possible to use wildcard statements for namespace access?
I like the control and thoroughness of this extension, but am afraid that once my wiki has more than a few hundred pages, it will become difficult to manage permissions. Would it be possible to add wildcard statements in the whitelist over-ride, like ...

$wgWhitelistOverride['always']['read'] = array(     "Project:*",       # grants everybody permission to see all pages in the Project namespace

Another feature would be to allow a working group to generate new content without a "manager" being present to grant each member of the workgroup access to each new page (effectively having to create new pages for the workgroup and then manage access to individual pages). A solution might be something like pseudo namespaces with wildcards. A workgroup leader could request that users x, y, and z could have permissions to new pseudo namespace "Foo". Then a manager could grant those users permissions using the whitelist access editor with "Foo:*"

This method would rely on new pages intended to be in a group of pages actually including the prefix. CWinDC 16:18, 23 February 2008 (UTC)


 * Thank you for the feedback. We are actually already working on the wildcard whitelist access. The next release version will have this support in it. I expect the next release to be sometime within a week. --Gri6507 17:56, 23 February 2008 (UTC)
 * Well, it's about a week late, but today, we released the new version of the extension which can handle wildcard entries. --Gri6507 19:12, 10 March 2008 (UTC)

How secure is this?
How well does this extension fare under http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions ? Are there ways to work around the whitelist?
 * You are correct to be concerned. That is why the top of the extension page has a rather lengthy disclaimer with a link to the same page you are referring to here :-). To see how well this extension fairs compared to other controlled access extensions, you can take a look at this listing (note, not everything that is listed in red is actually a bad thing).


 * The only additional comment I can make is that the developers (I am one of them) have taken every precaution to make this as bullet proof as possible. Based on our own testing, we have not found a way to bypass this extension yet. However, if you start poking into it, you may still find some holes which we will be glad to fix. The only other thing I can say, for whatever it's worth, is that this extension has been deemed secure enough for our internal company use. --Gri6507 00:03, 28 February 2008 (UTC)


 * I've added a Security Issues section which details security issues you might encounter. Note that you will need to make some changes to your MediaWiki config to make this extension effective, as described on that page. --Msul01 14:20, 28 February 2008 (UTC)

Dynamic Navigation Bars
''Verify that your MediaWiki:Common.css and MediaWiki:Common.js pages contain a section on Dynamic Navigation Bars. If they do not, or if those pages simply do not exist, then copy the pages from Wikipedia MediaWiki:Common.css and MediaWiki:Common.js.''
 * Huh? Not even the MediaWiki:Common.css has a section about Dynamic Navigation Bars currently. Also, I think we should suggest just copying that section, rather than the entire page. That can get too big, and there's a lot of extraneous extensions that are not installed on smaller Wikis. --Liface 12:18, 7 April 2008 (UTC)


 * Good point without any answer yet ?! Anyway to get it fixed ? --MoBO 16:48, 11.07.2008 (GMT+1)

Here are the sections in question. I'll add them to the main page with better instructions, but could someone make sure that only including these sections works? We should update these to use collapsable tables instead, since NavFrame was deprecated in favor of Collapsible_tables in Nov. 2007. (This explains why these sections were removed from Wikipedia's Common.css/js files... --Msul01 14:39, 23 July 2008 (UTC)

Common.css
/* Standard Navigationsleisten, aka box hiding thingy from .de. Documentation at NavFrame. */

div.Boxmerge, div.NavFrame { margin: 0px; padding: 4px; border: 1px solid #aaa; text-align: center; border-collapse: collapse; font-size: 95%; } div.Boxmerge div.NavFrame { border-style: none; border-style: hidden; } div.NavFrame + div.NavFrame { border-top-style: none; border-top-style: hidden; } div.NavPic { background-color: #fff; margin: 0px; padding: 2px; float: left; } div.NavFrame div.NavHead { height: 1.6em; font-weight: bold; background-color: #ccf; position:relative; } div.NavFrame p { font-size: 100%; } div.NavFrame div.NavContent { font-size: 100%; } div.NavFrame div.NavContent p { font-size: 100%; } div.NavEnd { margin: 0px; padding: 0px; line-height: 1px; clear: both; } a.NavToggle { position:absolute; top:0px; right:3px; font-weight:normal; font-size:smaller; }

Common.js
/** Dynamic Navigation Bars (experimental) ************************************* * *  Description: See NavFrame. * Maintainers: UNMAINTAINED */ // set up the words in your language var NavigationBarHide = '[' + collapseCaption + ']'; var NavigationBarShow = '[' + expandCaption + ']'; // shows and hides content and picture (if available) of navigation bars // Parameters: //    indexNavigationBar: the index of navigation bar to be toggled function toggleNavigationBar(indexNavigationBar) {    var NavToggle = document.getElementById("NavToggle" + indexNavigationBar); var NavFrame = document.getElementById("NavFrame" + indexNavigationBar); if (!NavFrame || !NavToggle) { return false; }    // if shown now if (NavToggle.firstChild.data == NavigationBarHide) { for (                var NavChild = NavFrame.firstChild;                 NavChild != null;                 NavChild = NavChild.nextSibling             ) { if ( hasClass( NavChild, 'NavPic' ) ) { NavChild.style.display = 'none'; }            if ( hasClass( NavChild, 'NavContent') ) { NavChild.style.display = 'none'; }        }     NavToggle.firstChild.data = NavigationBarShow; // if hidden now } else if (NavToggle.firstChild.data == NavigationBarShow) { for (                var NavChild = NavFrame.firstChild;                 NavChild != null;                 NavChild = NavChild.nextSibling             ) { if (hasClass(NavChild, 'NavPic')) { NavChild.style.display = 'block'; }            if (hasClass(NavChild, 'NavContent')) { NavChild.style.display = 'block'; }        }     NavToggle.firstChild.data = NavigationBarHide; } }  // adds show/hide-button to navigation bars function createNavigationBarToggleButton {    var indexNavigationBar = 0; // iterate over all -elements var divs = document.getElementsByTagName("div"); for(            var i=0;              NavFrame = divs[i];              i++         ) { // if found a navigation bar if (hasClass(NavFrame, "NavFrame")) { indexNavigationBar++; var NavToggle = document.createElement("a"); NavToggle.className = 'NavToggle'; NavToggle.setAttribute('id', 'NavToggle' + indexNavigationBar); NavToggle.setAttribute('href', 'javascript:toggleNavigationBar(' + indexNavigationBar + ');'); var NavToggleText = document.createTextNode(NavigationBarHide); for (                 var NavChild = NavFrame.firstChild;                  NavChild != null;                  NavChild = NavChild.nextSibling                 ) { if ( hasClass( NavChild, 'NavPic' ) || hasClass( NavChild, 'NavContent' ) ) { if (NavChild.style.display == 'none') { NavToggleText = document.createTextNode(NavigationBarShow); break; }                }             }             NavToggle.appendChild(NavToggleText); // Find the NavHead and attach the toggle link (Must be this complicated because Moz's firstChild handling is borked) for(              var j=0;                j < NavFrame.childNodes.length;                j++             ) { if (hasClass(NavFrame.childNodes[j], "NavHead")) { NavFrame.childNodes[j].appendChild(NavToggle); }            }             NavFrame.setAttribute('id', 'NavFrame' + indexNavigationBar); }    }  }  addOnloadHook( createNavigationBarToggleButton );

Error
I'm getting an error: Fatal error: Class 'SpecialUserStats' not found in C:\wamp\www\sicherheitselektronik\extensions\WhiteList\SpecialWhitelistEdit_body.php on line 428

I suppose this is because I didn't install GNUplot or Extension:UsageStatistics, however I don't want the calendar functionality enabled. How do I comment this out or disable it? --Liface 13:36, 7 April 2008 (UTC)
 * You are correct. This is because you did not install the UsageStatistics extension. Right now, there is no easy way to remove this dependency shy of changing the extension code. However, I will make this configurable in the next version of the extension. Please stay tuned for updates. --Gri6507 13:58, 7 April 2008 (UTC)
 * Ah, okay, I misunderstood the installation instructions. I installed UsageStatistics, but I still have this bug (which was present before): http://img150.imageshack.us/img150/1786/screenshotzl4.png. It seems to be just taking the text in the database instead of converting it into any meaningful format. Any ideas? --Liface 11:14, 8 April 2008 (UTC)
 * I wouldn't quite call it a bug; just a lack of functionality :-). The problem is that it doesn't appear that there are i18n translations available for your locale. What locale is your account set for? Take a look at SpecialWhitelistEdit.i18n.php to see which translations are already available. My guess is that this extension is still missing the translations for your locale. You are very welcome to create the translation yourself. It is very easy - simply follow the format you see in the file. When you have it finished, please post it here and I will submit it to SVN. --Gri6507 12:35, 8 April 2008 (UTC)
 * The requirement for the UsageStatistics extension has been made optional as of v0.8.6 --Gri6507 13:01, 14 April 2008 (UTC)

Error with Phrases in MediaWiki 1.12
I had a problem that non of the phrases showed up. I just got the <...> crap.

I tracked it down to this.

Error
In file includes/MessageCache.php, Line 712 and 713 use the variable '$messages'. This '$messages' varbible is pulled from the i18n file. The i18n file for this hack though uses the varible '$allMessages' and not '$messages' as it seems MediaWiki wants you to.

Fix
Open file SpecialWhitelistEdit.i18n.php and SpecialWhitelistEdit_body.php and replace all instances of '$allMessages' with '$messages'.

Good catch, thanks for providing the fix. There's a note in 1.9 saying that $allMessages is no longer needed, and someone probably pulled it out since then. We'll make this fix with the next update. --Msul01 14:43, 23 July 2008 (UTC)

Blank page after activation of extension in LocalSettings.php
I followed the instructions like described, but I only got a blank page... After debugging I could find out, that you must give attention to exact file name. So the files downloaded from WhiteList SVN can be found in extension directory! :)
 * require_once( "$IP/extensions/WhiteList/SpecialWhiteListEdit.php" ); <- wrong, because of UPPER 'L' in WhiteList
 * require_once( "$IP/extensions/WhiteList/SpecialWhitelistEdit.php" ); <- correct, with LOWER 'l' in Whitelist

--Topf 15:35, 17 May 2008 (UTC)
 * You are absolutely correct. Thank you for finding this. I'm surprised no one else has pointed this typo out so far :-) --Gri6507 18:44, 17 May 2008 (UTC)

Errors on WhiteList Special Page
In the file  are some bugs...
 * i.e. in lines 504, 505 and further (use search and replace)
 * must be  , same with parameter 'title'
 * Actually the  syntax is perfecty legal. In PHP, the keys to arrays can be either integers or strings. By putting quotes around ns, you are forcing the key to be a string. Without the quotes, PHP interprets ns as a constant with some internally defined value. Depending on how strict you have your PHP error_reporting set, you may or may not get a warning saying that the constant ns is undefined and is internally defined the value of 'ns' . --Gri6507 18:58, 17 May 2008 (UTC)
 * I reinstalled original file  and when I call Special:WhiteList I get 75 notices (by PHP) (11x at Special:WhiteListEdit):  Following lines are affected: 504, 505, 512, 513, 540, 541. Nevertheless the rest of the page will be displayed. btw: I use MW 1.10.1 --Topf 23:17, 17 May 2008 (UTC)
 * I just checked my error_reporting - and you were right... I forgot to reset it. So there are no notices in "normal" mode. Maybe you should remove this part "Errors on WhiteList Special Page" to do not confuse some users. ;) --Topf 00:07, 18 May 2008 (UTC)
 * I fixed this in v0.9.0 so that there should no longer be any warnings. --Gri6507 19:46, 20 May 2008 (UTC)

--Topf 16:04, 17 May 2008 (UTC)
 * give attention in line 535: don't modify this $sql string
 * I'm not sure what you mean by this. Can you please clarify what you think is the problem? --Gri6507 18:58, 17 May 2008 (UTC)
 * I meant not to change [ns] to ['ns'] in this line, because it would end in an error. ;) --Topf 23:17, 17 May 2008 (UTC)

Problem
If I want to change a user's whitelist, there appears an emtpy DropDownList entry (on page WhitelistEdit).

Reason
The user didn't enter a real name in its user settings.

Solution
--Topf 23:27, 17 May 2008 (UTC)
 * The user should enter a real name. ;)
 * maybe better: The extension should choose user name instead of real name. What happens, if two users have the same real name??


 * As of v0.9.0, I have updated the code to default to the Username if the UserRealName is not entered. Since the array is indexed by user IDs, it is possible to have two entries with the same realname. Unfortunately, there isn't much that can be done about that shy of forcing people to enter a unique real name. The only viable alternative is to display usernames which is not preferred in a workplace environment where everybody is known by their names and not their usernames. --Gri6507 19:49, 20 May 2008 (UTC)


 * Installed v0.9.0 and I have the same problem. Username and UserRealName are correctly entered but I still have an empty DropDownList entry ?! And for the display, why not showing both of them (Username and UserRealName) ??? --MoBO 12:30, 07 July 2008 (GMT+1)
 * Installed v0.9.0 and I have the same problem. Username and UserRealName are correctly entered but I still have an empty DropDownList entry ?! And for the display, why not showing both of them (Username and UserRealName) ??? --MoBO 12:30, 07 July 2008 (GMT+1)


 * Did you check your SQL user table? Look for an empty entry in the user_real_name field of the wiki_user table. --Msul01 14:54, 23 July 2008 (UTC)


 * I've just installed this extension (SVN revision 39298) on mediawiki 1.11.1. The dropdown select is not empty, it correctly shows the usernames. But the in-page text (e.g. when reviewing the changes about to be done) it is shown as 's instead of username's. So, this issue is only half-fixed. --CrazyTerabyte 17:53, 13 August 2008 (UTC)

Class 'SpecialPage' not found
When I try to add the require_once line to my LocalSettings.php, I get the following error when loading a page on the Wiki: "Fatal error: Class 'SpecialPage' not found in /path/to/my/wiki/extensions/WhiteList/SpecialWhitelistEdit_body.php on line 47" Is there an extension or something else that I am missing that provides the definition of SpecialPage? I recently upgraded from 1.10 to 1.12, and otherwise this is a pretty much bog-standard MediaWiki installation. The only other extension we use is ParserFunctions.

I really hope I can get this to work; this is exactly the extension I am looking for. Thanks for your time. Withak 13:24, 17 June 2008 (UTC)


 * Can you please try adding  in your LocalSettings.php right before the call to instantiate the WhiteList extension? --Gri6507 20:54, 17 June 2008 (UTC)


 * That appears to have worked &mdash; or at least I'm able to access the Wiki again. Thanks for the quick response! Withak 13:34, 18 June 2008 (UTC)
 * Well, I got a bit farther. I was able to add a test user to the "restricted" usergroup, add myself to the "manager" usergroup, and access Special:WhitelistEdit. However, this page doesn't appear to be rendering properly. The title of the page is "&amp;lt;whitelistedit&amp;gt;" and the table is filled with tags like, , , etc.
 * I did notice that in the instructions you call for edits to be made to MediaWiki:Common.css, saying that if my copy of this page doesn't have a section on "Dynamic Navigation Bars", to copy Wikipedia's version of the same page. Wikipedia's Common.js has a section on Dynamic Navigation Bars, but its Common.css does not. Withak 13:59, 18 June 2008 (UTC)

Never mind! Maybe I should have read this talk page a little more closely. :-) The fix for this problem is above: Extension talk:WhiteList. Withak 16:53, 19 June 2008 (UTC)

invalid argument supplied foreach in D:\wamp\www\mediawiki193\includes\MessageCache.php on line 636
my mediawiki is 1.11

Solution
This can be fixed by replacing all instances of $allMessages with $messages in all files of the extension. --195.13.40.237 17:14, 31 July 2008 (UTC)

Use of undef
Should you change line 118 in WhitelistAuth.php to look like line 48.


 * $override = WHITELIST_NOACTION; {Line 48}
 * $override = undef; {Line 118}

Chris Wolcott 13:04, 30 June 2008 (UTC)

Right now, the logic below line 118 guarantees that the undef will be changed before the function returns. I'll clean this logic up to set WHITELIST_NOACTION at line 118, then eliminate the 'else' clauses below. No reason to set the variable twice if we don't have to. Thanks for pointing this out. --Msul01 14:50, 23 July 2008 (UTC)

generated user stylesheet is forbidden
Upon accessing a wiki using the restricted user, Firebug shows me two errors. One of them is invalid syntax at the doctype line, but it is not relevant.

The second error is while trying to load an external stylesheet. The URL is: index.php?title=-&action=raw&gen=css&maxage=18000&smaxage=0 I think it should be a good idea to let the restricted users access this CSS file.

--CrazyTerabyte 17:59, 13 August 2008 (UTC)

Localized namespaces
Currently, looks like the namespace names are not "normalized" (or whatever is the term for this) for different languages. I mean, my wiki has Portuguese as the default language. Then, I need to write this at my conf file: $wgWhitelistOverride['always']['read'] = array( "Especial:Userlogout" ); If I type "Special:Userlogout", then it does not work.

I wonder how hard things might become for users whose namespaces don't have plain ASCII chars.

I think it should be possible to normalize namespace names. --CrazyTerabyte 18:04, 13 August 2008 (UTC)