Extension:Lockdown/hiding pages

From MediaWiki.org
Jump to: navigation, search

This page contains patches to mediawiki that will hide pages that are not readable from several listings. These patches have been provided by User:WIKImaniac ([1]).

security flaws & bugfixes[edit]

Following instructions have to be read like this:

+        add this line
         don't change this line
         … /* indicates that some lines have been left out here */
-        remove this line

Special:Search[edit]

Without this, vanilla Lockdown already disables snippets or pages you don't have access to, as well as RSS/Atom feeds.
patch
file SpecialSearch.php
function showMatches
description avoids content of protected pages appearing in search results
author(s) WIKImaniac
date 2016-04-11
MediaWiki version 1.26.2
while( $result ) {
+		if ( ( $result->getTitle() != NULL ) && ( $result->getTitle()->userCan( 'read', $this->getUser() ) ) ) {
			$out .= $this->showHit( $result, $terms );
+			}
		$result = $matches->next()
		}

Special:Allpages, …[edit]

patch
file Lockdown.php
description avoids names of protected namespaces appearing in combo boxes
author(s) Adrian Mikula
/* Checks whether the given namespace is visible to the user who is logged in.
*  @author Adrian Mikula
*  @return Boolean
*/
function namespaceIsVisible($ns)
{
        global $wgNamespacePermissionLockdown, $wgUser;

        $groups = @$wgNamespacePermissionLockdown[$ns]['read'];
        if (!$groups) $groups = @$wgNamespacePermissionLockdown['*']['read'];
        if (!$groups) $groups = @$wgNamespacePermissionLockdown[$ns]['*'];
        if (!$groups) return true;

        $ugroups = $wgUser->getEffectiveGroups();
        $match = array_intersect($ugroups, $groups);
        if ($match) return true;
        return false;
}

/* Removes hidden namespaces from an array of namespaces.
*  @author Adrian Mikula
*  @return array
*/
function filterHiddenNamespaces($namespaces) 
{
        foreach ( $namespaces as $ns => $name ) 
        {
                if (!namespaceIsVisible($ns))
                {
                        unset($namespaces[$ns]);
                }
        }
        return $namespaces;
}
patch
file Language\Language.php
function getNamespaces
description avoids names of protected namespaces appearing in combo boxes
author(s) Adrian Mikula
function getNamespaces() {
                $this->load();
-                return $this->namespaceNames;
+                return filterHiddenNamespaces($this->namespaceNames);
        }

Special:Recentchanges[edit]

patch
file includes\SpecialRecentchanges.php
function wfSpecialRecentchanges
description avoids changes and edit summary of protected pages appearing in recent changes
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
# Namespace filtering
	$hidem .= is_null( $namespace ) ?  '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;

+	global $wgExtraNamespaces;

+	foreach ( $wgExtraNamespaces as $num => $title ) {
+		if (!namespaceIsVisible($num)) {
+			$hidem .= ' AND rc_namespace!='.$num;
+		}
+	}
patch
file includes\SpecialRecentchanges.php
function buildMainQueryConds
description avoids changes and edit summary of protected pages appearing in recent changes
author(s) WIKImaniac, modified by Stux
date 2008-12-15
MediaWiki version 1.13.2
# Namespace filtering
		if ( $opts['namespace'] !== '' ) {
 			if ( !$opts['invert'] ) {
				$conds[] = 'rc_namespace = ' . $dbr->addQuotes( $opts['namespace'] );
			} else {
				$conds[] = 'rc_namespace != ' . $dbr->addQuotes( $opts['namespace'] );
			}
		}
+		global $wgExtraNamespaces;
+
+		foreach ( $wgExtraNamespaces as $num => $title ) {
+			if (!namespaceIsVisible($num)) {
+				$conds[] = 'rc_namespace != ' . $dbr->addQuotes( $num );
+			}
+		}

		return $conds;

Special:Watchlist[edit]

patch
file includes\SpecialWatchlist.php
function wfSpecialWatchlist
description avoids changes and edit summary of protected pages appearing in a user's watchlist
author(s) WIKImaniac, modified by Stux
date 2008-12-15
MediaWiki version 1.13.2
# Get namespace value, if supplied, and prepare a WHERE fragment
	$nameSpace = $wgRequest->getIntOrNull( 'namespace' );
	if( !is_null( $nameSpace ) ) {
		$nameSpace = intval( $nameSpace );
		$nameSpaceClause = " AND rc_namespace = $nameSpace";
	} else {
		$nameSpace = '';
		$nameSpaceClause = '';
	}
	
+	global $wgExtraNamespaces;

+	foreach ( $wgExtraNamespaces as $num => $title ) {
+		if (!namespaceIsVisible($num)) {
+			$nameSpaceClause .= ' AND rc_namespace != ' . $num;
+		}
+	}

Special:Wantedpages[edit]

patch
file includes\SpecialWantedpages.php
function formatResult
description avoids entries of protected pages appearing in wanted changes
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
+		global $wgLang;
+		if ( namespaceIsVisible( $result->namespace ) ) {
			$title = Title::makeTitleSafe( $result->namespace, $result->title );
			…
+		}
	}

Special:Logs[edit]

patch
file includes\SpecialLog.php
function logLine
description avoids entries of protected pages appearing in the logs
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function logLine( $s ) {
		global $wgLang, $wgUser;;	
+		if ( namespaceIsVisible( $s->log_namespace ) ) {
			$skin = $wgUser->getSkin();
			…
+		}
	}

Categories[edit]

patch
file includes\CategoryPage.php
function addPage
description avoids entries of protected pages appearing in categories
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function addPage( $title, $sortkey, $pageLength ) {
		global $wgContLang;
+		if ( namespaceIsVisible( $title->getNamespace() ) ) {
			$this->articles[] = $this->getSkin()->makeSizeLinkObj( 
				$pageLength, $title, $wgContLang->convert( $title->getPrefixedText() ) 
			);
			$this->articles_start_char[] = $wgContLang->convert( $wgContLang->firstChar( $sortkey ) );
+		}
	}

Special:Prefixindex[edit]

patch
file includes\SpecialPrefixindex.php
function showChunk
description avoids entries of protected pages appearing in prefixindex
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
$out = '<table style="background: inherit;" border="0" width="100%">';

		while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) {
+			if ( namespaceIsVisible( $s->page_namespace ) ) {
				$t = Title::makeTitle( $s->page_namespace, $s->page_title );
				if( $t ) {
					$link = ($s->page_is_redirect ? '<div class="allpagesredirect">' : '' ) .
						$sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) .
						($s->page_is_redirect ? '</div>' : '' );
				} else {
					$link = '[[' . htmlspecialchars( $s->page_title ) . ']]';
				}
				if( $n % 3 == 0 ) {
					$out .= '<tr>';
				}
				$out .= "<td>$link</td>";
				$n++;
				if( $n % 3 == 0 ) {
					$out .= '</tr>';
				}
+			}
		}

Special:Mostlinked[edit]

patch
file includes\SpecialMostlinked.php
function formatResult
description avoids entries of protected pages appearing in most linked pages
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
                global $wgLang;

+                if ( namespaceIsVisible( $result->namespace ) ) {
                        $title = Title::makeTitleSafe( $result->namespace, $result->title );
                        $link = $skin->makeLinkObj( $title );
                        $wlh = $this->makeWlhLink( $title,
                                wfMsgExt( 'nlinks', array( 'parsemag', 'escape'),
                                        $wgLang->formatNum( $result->value ) ), $skin );
                        return wfSpecialList( $link, $wlh );
+                }
        }
}

Special:Listredirects[edit]

patch
file includes\SpecialListredirects.php
function formatResult
description avoids entries of protected pages appearing in list of redirects
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
		global $wgContLang;

+		if ( namespaceIsVisible( $result->namespace ) ) {

			# Make a link to the redirect itself
			$rd_title = Title::makeTitle( $result->namespace, $result->title );
			…
+		}
	}

Special:Linksearch[edit]

patch
file extensions\LinkSearch\LinkSearch_body.php
function formatResult
description avoids entries of protected pages appearing in Special:Linksearch – if you are using Extension:LinkSearch
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
+		if ( namespaceIsVisible( $result->namespace ) ) {
			$title = Title::makeTitle( $result->namespace, $result->title );
			$url = $result->url;
			$pageLink = $skin->makeKnownLinkObj( $title );
			$urlLink = $skin->makeExternalLink( $url, $url );

			return wfMsgHtml( 'linksearch-line', $urlLink, $pageLink );
+		}
	}


Special:Contributions[edit]

patch
file includes\SpecialContributions.php
function formatRow
description avoids entries of protected pages appearing in list of contributions
author(s) Alchemist
date 2009-11-07
MediaWiki version 1.13.3
function formatRow( $row ) {
		wfProfileIn( __METHOD__ );

		global $wgLang, $wgUser, $wgContLang;

		$sk = $this->getSkin();
		$rev = new Revision( $row );
		# Patch inspired from http://www.mediawiki.org/wiki/Extension:Lockdown/hiding_pages
+		if ( namespaceIsVisible( $row->page_namespace ) ) {

			$page = Title::makeTitle( $row->page_namespace, $row->page_title );
			$link = $sk->makeKnownLinkObj( $page );
			$difftext = $topmarktext = '';
			...

			$ret = "<li>$ret</li>\n";
			wfProfileOut( __METHOD__ );
			return $ret;
+		}
	}

ImagePage.php[edit]

patch
file includes\ImagePage.php
function imageLinks
description avoids entries of protected pages appearing on image pages
author(s) Alchemist
date 2009-11-08
MediaWiki version 1.13.3
function imageLinks()
	{
		...
		$wgOut->addHTML( "<div id='mw-imagepage-section-linkstoimage'>\n" );
		$wgOut->addWikiMsg( 'linkstoimage', $count );
		$wgOut->addHTML( "<ul class='mw-imagepage-linktoimage'>\n" );

		$sk = $wgUser->getSkin();
		$count = 0;
		while ( $s = $res->fetchObject() ) {
			$count++;
			if ( $count <= $limit ) {
+				if ( namespaceIsVisible( $s->page_namespace ) ) {
					// We have not yet reached the extra one that tells us there is more to fetch
					$name = Title::makeTitle( $s->page_namespace, $s->page_title );
					$link = $sk->makeKnownLinkObj( $name, "" );
					$wgOut->addHTML( "<li>{$link}</li>\n" );
+				}
			}
		}
		$wgOut->addHTML( "</ul></div>\n" );
		$res->free();

		// Add a links to [[Special:Whatlinkshere]]
		if ( $count > $limit )
			$wgOut->addWikiMsg( 'morelinkstoimage', $this->mTitle->getPrefixedDBkey() );
	}

Namespace-Prefix in Login Page[edit]

patch
file includes\Title.php
function getNsText
description allows namespace to appear in you-need-to-login-page
author(s) mbr
date 2011-02-03
MediaWiki version 1.16.1
*** includes/Title.php.old	2011-02-04 17:27:22.000000000 +0100
--- includes/Title.php	2011-02-04 17:27:11.000000000 +0100
*************** class Title {
*** 551,557 ****
  				return MWNamespace::getCanonicalName( $this->mNamespace );
  			}
  		}
! 		return $wgContLang->getNsText( $this->mNamespace );
  	}
  	/**
  	 * Get the DB key with the initial letter case as specified by the user
--- 551,562 ----
  				return MWNamespace::getCanonicalName( $this->mNamespace );
  			}
  		}
! 		$nsText = $wgContLang->getNsText( $this->mNamespace );
! 		if (!$nsText && isset( $this->mNamespaceText)) {
! 			return $this->mNamespaceText;
! 		} else {
! 			return $nsText;
! 		}
  	}
  	/**
  	 * Get the DB key with the initial letter case as specified by the user
*************** class Title {
*** 2315,2320 ****
--- 2320,2326 ----
  					# Ordinary namespace
  					$dbkey = $m[2];
  					$this->mNamespace = $ns;
+ 					$this->mNamespaceText = $p;
  					# For Talk:X pages, check if X has a "namespace" prefix
  					if( $ns == NS_TALK && preg_match( $prefixRegexp, $dbkey, $x ) ) {
  						if( $wgContLang->getNsIndex( $x[1] ) )