Extension talk:Prefix Security

Where is the download link? I am very much interested in this work. Jean-Lou Dupont 14:07, 9 February 2007 (UTC)

Try now. I was editing the site till now.

Bug Report: Removal Glitches
For some reason, attempting to remove a user from a group results in a "the special page doesn't exist" error.
 * Hi, I have the same problem of "Special page doesn't exist". I use MW 1.9.3 and PHP 5 --Ouaibsky 12:02, 13 April 2007 (UTC)

In addition, removal of a Prefix leaves pages with that prefix labeled as being protected by it.

--Dataweaver 01:08, 13 April 2007 (UTC)

Creation-Rights
It would be useful if there would not only be read/write rights, but also create. E.g. on several pages which I would like to protect with Prefix, I want everyone to write. But new articles with a defined prefix should only be created by a smaller list of users. --Xwolf 09:32, 16 May 2007 (UTC)

ERROR 1146: "Napaka zbirke podatkov"
When opening special page Groups Administration for the first time (to make installation) I get an error »1146: Table 'wikidb.user_groups' doesn't exist (localhost)«.

My settings:

$wgDBserver        = "localhost";

$wgDBname          = "wikidb";

It's true I don't have the table user_groups. How do I make one?

I think installation of extension didn't work at all.

Solution: You have to put those 4 files directly in the folder /extensions. My mistake was that I put them in the folder /extensions/Prefix Security.

Installation instructions incorrect?
We're using:
 * MediaWiki: 1.7.1
 * PHP: 5.0.5-3 (apache2handler)
 * MySQL: 4.0.24_Debian-10sarge2-log

The installation instructions (readme) say:

Then edit your LocalSettings.php file and add the following lines:

require_once( 'extensions/GroupsAdministration.php' );

require_once( 'extensions/PrefixAdministration.php' );

$wgWhitelistRead = array ( "username1", "username2" );

However, that didn't work--I (a sysop) couldn't access the Group or Prefix special pages. Our system admin says:


 * After reviewing the php code, I end up adding this:

$wgGroupPermissions['logged']['prefixAdministration'] = array ( 'user1' );
 * in the LocalSettings.php file instead of

$wgWhitelistRead = array ( 'user1' );
 * to give us access to these special pages.

Elf 04:08, 9 June 2007 (UTC)

Prefix security doesn't seem to work
(See above for what versions we're using.)

I added a group and a prefix ("Xyz" or "xyz", doesn't matter). The group has only me in it. I gave one user (myself) and the new group read/edit access to the prefix and everyone else read-only access. But still anyone can edit the pages ("Xyz test", "Xyz: test"). I don't know what we're doing wrong. Can someone help?
 * Elf 00:20, 9 June 2007 (UTC)

Security glitch
The GroupAdministration, although it's supposed to be for sysops, displays Bureaucrats as a valid group, and, as a sysop, I successfully added myself to the Bureaucrat group. Should it do this? Is there a way to prevent this? Thanks again. (Just my day for asking questions.) Elf 01:19, 9 June 2007 (UTC)

Info displayed in Special:Versions is out of date
(See above for versions we're using.) When displaying Special:Version, we get these links for these extensions:


 * Groups Administration
 * PrefixAdministration

Which no longer exist; they should be pointing here to Mediawiki. Elf 21:41, 12 June 2007 (UTC)

Issue with PageRestrictionHooks.php
Whenever I add  to LocalSettings.php, my wiki becomes unreachable. Is there something wrong with the code online for that file that is causing the issue? Sean Et Cetera 16:52, 12 July 2007 (UTC)
 * I think I found the problem.   does not have a closing }, and I think that's what kept killing it for me.  That, and   appeared to have the same problem. Sean Et Cetera 19:26, 12 July 2007 (UTC)

SQL Injection
After enabling this extension a Nessus scan of the server showed it as vulnerable to SQL injection. Has anyone else seen this?

The following URLs seem to be vulnerable to various SQL injection techniques :

 * /index.php?-=&title='UNION'&section=1&printable=yes&action=edit
 * /index.php?-=&title='&section=1&printable=yes&action=edit
 * /index.php?-=&title='%22&section=1&printable=yes&action=edit
 * /index.php?-=&title='bad_bad_value&section=1&printable=yes&action=edit
 * /index.php?-=&title=bad_bad_value'&section=1&printable=yes&action=edit
 * /index.php?-=&title='WHERE&section=1&printable=yes&action=edit
 * /index.php?-=&title='OR&section=1&printable=yes&action=edit
 * /index.php?-=&title=' or 1=1-- &section=1&printable=yes&action=edit
 * /index.php?-=&title=' or 'a'='a&section=1&printable=yes&action=edit
 * /index.php?-=&title=') or ('a'='a&section=1&printable=yes&action=edit
 * /index.php?-=&title=%27&section=1&printable=yes&action=edit
 * /index.php?-=&title='+OR+1=1)&section=1&printable=yes&action=edit
 * /index.php?-=&title='+OR+1=1))&section=1&printable=yes&action=edit
 * /index.php?-=&title='+OR+1=1#&section=1&printable=yes&action=edit
 * /index.php?-=&title='+OR+1=1)#&section=1&printable=yes&action=edit
 * /index.php?-=&title='+OR+1=1))#&section=1&printable=yes&action=edit
 * /index.php?-=&title='+or+1=1/*&section=1&printable=yes&action=edit
 * /index.php?-=&title='+or+1=1)/*&section=1&printable=yes&action=edit
 * /index.php?-=&title='+or+1=1))/*&section=1&printable=yes&action=edit
 * /index.php?-=&title='+convert(int,convert(varchar,0x7b5d))+'&section=1&printable=yes&action=edit
 * /index.php?-=&title='+convert(varchar,0x7b5d)+'&section=1&printable=yes&action=edit
 * /index.php?-=&title='%2Bconvert(int,convert(varchar%2C0x7b5d))%2B'&section=1&printable=yes&action=edit
 * /index.php?-=&title='%2Bconvert(varchar%2C0x7b5d)%2B'&section=1&printable=yes&action=edit

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Error when loading PageRestrictionHooks.php
Detected bug in an extension! Hook DescribeRestrictionsHook failed to return a value; should return true to continue hook processing or false to abort.

Backtrace:


#0 /wiki/includes/Parser.php(386): wfRunHooks('ParserAfterTidy', Array)
#1 /wiki/includes/Article.php(3017): Parser->parse('The iTunes Stor...', Object(Title), Object(ParserOptions), true, true, 6212)
#2 /wiki/includes/Article.php(831): Article->outputWikiText('The iTunes Stor...')
#3 /wiki/includes/Wiki.php(383): Article->view
#4 /wiki/includes/Wiki.php(48): MediaWiki->performAction(Object(OutputPage), Object(Article), Object(Title), Object(User), Object(WebRequest))
#5 /wiki/index.php(89): MediaWiki->initialize(Object(Title), Object(OutputPage), Object(User), Object(WebRequest))
#6 {main}

help ?

--Airplanenoise 21:13, 16 November 2007 (UTC)

-- Update: Ok - I fixed most of the bugs in this extension. None of the tags or tags were closed in the files associated with this extension. It was throwing off the entire page. Had to fix it all up. Now that it's fixed, it "works", except if the page title has a single quote, obviously an escaping problem on the MySQL Query. Will work on that. But, in short, if you are having problems with this extension, it's because NONE of the tags are closed - form tags mostly. Once you go in and fix that, you can at least get somewhat of a start.

--Airplanenoise 17:57, 10 December 2007 (UTC)
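
The single-quote failure and the scanner findings on the title parameter reported above both point at a page title being pasted into SQL text. As an added example (not the extension's code and not part of any post on this page), the sketch below uses an in-memory SQLite table as a stand-in for the extension's MySQL page_prefix table; the column names, sample rows and function names are assumptions.

```python
import sqlite3

# Constructed stand-in for the extension's prefix table (schema is assumed).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page_prefix (page_title TEXT, prefix TEXT)")
    db.executemany(
        "INSERT INTO page_prefix VALUES (?, ?)",
        [("Xyz test", "Xyz"), ("Bob's notes", "Bob"), ("Hr payroll", "Hr")],
    )
    return db

def prefixes_concat(db, title):
    """'Before' form: the title is pasted into the SQL text."""
    sql = "SELECT prefix FROM page_prefix WHERE page_title = '" + title + "'"
    return [row[0] for row in db.execute(sql)]

def prefixes_bound(db, title):
    """Hardened form: the title travels as a bound parameter, never as SQL."""
    sql = "SELECT prefix FROM page_prefix WHERE page_title = ?"
    return [row[0] for row in db.execute(sql, (title,))]

def compare(db, title):
    """Run both forms on one title; report a syntax failure instead of raising."""
    try:
        concat = prefixes_concat(db, title)
    except sqlite3.OperationalError as exc:
        concat = "SQL error: %s" % exc
    return concat, prefixes_bound(db, title)

if __name__ == "__main__":
    db = make_db()
    # Constructed titles: an ordinary one, a legitimate one with an apostrophe,
    # and one whose quote changes the meaning of the concatenated statement.
    for title in ("Xyz test", "Bob's notes", "nothing' OR 'a'='a"):
        print(repr(title), "->", compare(db, title))
```

In MediaWiki code the same effect comes from passing conditions as an array to the database wrapper's select(), or quoting values with addQuotes(), rather than building the WHERE clause by hand.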

Error during the Installation Process
I have a problem during the installation after I copied the scripts into the wiki extensions folder:

 * Installation.php
 * GroupsAdministration.php
 * PrefixAdministration.php
 * PageRestrictionHooks.php

Next I logged in as Sysop user and opened the Groups administration directory and got this message:

To install the extensions Succesfully please follow the next few steps:
 * Put Groups Administration extension ./into extensions Directory (Done)
 * Put Prefix Administration extension ./into extensions Directory (Done)
 * Put PageRestrictionsHooks extension ./into extensions Directory (Done)
 * Add repuire_once 'Extensions/GroupsAdministration.php' to the end of the file localsettings.php (Done)
 * Add repuire_once 'Extensions/Prefixdministration.php' to the end of the file localsettings.php (Done)

And when I click on the installation button below I get back this:

Search Results

It seems like the link in the script is wrong but I am not sure. Does somebody know what I have done wrong? If you have an idea it would be nice if you write me a mail

BjZucknik@aol.com


 * I have the same problem. If you have any idea it would be nice if you write me a mail psc@elkor.lv

 * I have the same issue. It seems there are 2 problems:
 - first, the install script puts the text "Install extensions" in the form (which itself can't handle) and
 - second, the wiki adds a "&search=" behind the post link.
 Workaround: manually adding the tables and LocalSettings.php rows and deleting the Installation.php *g* --GBT248 23:16, 9 January 2008 (UTC)

Display Error
I have implemented the Prefix Security Extension on MediaWiki 1.9.3. I am having a small display issue when editing pages.

When the user is allowed to edit a page, the Cancel link at the bottom stops being a link. The link actually ends up on the "Access to this page is regulated with a prefix" shown above it.

There also appears to be a number of extra "Access to this page is regulated with a prefix" warnings displayed. They show up between the checkbox and the "This is a minor edit" and again between the checkbox and the "watch this page" as well as between the "Show Changes" button and the "Cancel" link.

Is there a fix for this?

Thanks Todd

Missing HTML Tag " in "PrefixAdministration.php"
My config:
 * MediaWiki: 1.11.0
 * PHP: 5.2.5 (apache2handler)
 * MySQL: 5.0.51

Problem
If I want to delete a Prefix in Spezial:PrefixAdministration I am asked to confirm this with yes or no. But if I click on the yes button I get the special search page about all namespaces and no action is done on the page_prefix table.

Solution
In "PrefixAdministration.php":
 * if( $wgRequest->getText( 'action' ) == "delete_prefixed_page" ) {...

Before: $wgOut->addHTML( "                                                                                     " ); After: $wgOut->addHTML( "                                                                                     " );

you only have to add the   tag. Timotheus.elias 09:23, 31 January 2008 (UTC)