Extension:Lockdown/hiding pages

From MediaWiki.org
Jump to navigation Jump to search

This page contains patches to mediawiki that will hide pages that are not readable from several listings. These patches have been provided by User:WIKImaniac ([1]).

security flaws & bugfixes[edit]

Following instructions have to be read like this:

+        add this line
         don't change this line
         … /* indicates that some lines have been left out here */
-        remove this line

Special:Search[edit]

Without this, vanilla Lockdown already disables snippets or pages you don't have access to, as well as RSS/Atom feeds.
patch
file SpecialSearch.php
function showMatches
description avoids content of protected pages appearing in search results
author(s) WIKImaniac
date 2016-04-11
MediaWiki version 1.26.2
while( $result ) {
+		if ( ( $result->getTitle() != NULL ) && ( $result->getTitle()->userCan( 'read', $this->getUser() ) ) ) {
			$out .= $this->showHit( $result, $terms );
+			}
		$result = $matches->next()
		}

Special:Allpages, …[edit]

patch
file Lockdown.php
description avoids names of protected namespaces appearing in combo boxes
author(s) Adrian Mikula
/* Checks whether the given namespace is visible to the user who is logged in.
*  @author Adrian Mikula
*  @return Boolean
*/
function namespaceIsVisible($ns)
{
        global $wgNamespacePermissionLockdown, $wgUser;

        $groups = @$wgNamespacePermissionLockdown[$ns]['read'];
        if (!$groups) $groups = @$wgNamespacePermissionLockdown['*']['read'];
        if (!$groups) $groups = @$wgNamespacePermissionLockdown[$ns]['*'];
        if (!$groups) return true;

        $ugroups = $wgUser->getEffectiveGroups();
        $match = array_intersect($ugroups, $groups);
        if ($match) return true;
        return false;
}

/* Removes hidden namespaces from an array of namespaces.
*  @author Adrian Mikula
*  @return array
*/
function filterHiddenNamespaces($namespaces) 
{
        foreach ( $namespaces as $ns => $name ) 
        {
                if (!namespaceIsVisible($ns))
                {
                        unset($namespaces[$ns]);
                }
        }
        return $namespaces;
}
patch
file Language\Language.php
function getNamespaces
description avoids names of protected namespaces appearing in combo boxes
author(s) Adrian Mikula
function getNamespaces() {
                $this->load();
-                return $this->namespaceNames;
+                return filterHiddenNamespaces($this->namespaceNames);
        }

Special:Recentchanges[edit]

patch
file includes\SpecialRecentchanges.php
function wfSpecialRecentchanges
description avoids changes and edit summary of protected pages appearing in recent changes
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
# Namespace filtering
	$hidem .= is_null( $namespace ) ?  '' : ' AND rc_namespace' . ($invert ? '!=' : '=') . $namespace;

+	global $wgExtraNamespaces;

+	foreach ( $wgExtraNamespaces as $num => $title ) {
+		if (!namespaceIsVisible($num)) {
+			$hidem .= ' AND rc_namespace!='.$num;
+		}
+	}
patch
file includes\SpecialRecentchanges.php
function buildMainQueryConds
description avoids changes and edit summary of protected pages appearing in recent changes
author(s) WIKImaniac, modified by Stux
date 2008-12-15
MediaWiki version 1.13.2
# Namespace filtering
		if ( $opts['namespace'] !== '' ) {
 			if ( !$opts['invert'] ) {
				$conds[] = 'rc_namespace = ' . $dbr->addQuotes( $opts['namespace'] );
			} else {
				$conds[] = 'rc_namespace != ' . $dbr->addQuotes( $opts['namespace'] );
			}
		}
+		global $wgExtraNamespaces;
+
+		foreach ( $wgExtraNamespaces as $num => $title ) {
+			if (!namespaceIsVisible($num)) {
+				$conds[] = 'rc_namespace != ' . $dbr->addQuotes( $num );
+			}
+		}

		return $conds;

Special:Watchlist[edit]

patch
file includes\SpecialWatchlist.php
function wfSpecialWatchlist
description avoids changes and edit summary of protected pages appearing in a user's watchlist
author(s) WIKImaniac, modified by Stux
date 2008-12-15
MediaWiki version 1.13.2
# Get namespace value, if supplied, and prepare a WHERE fragment
	$nameSpace = $wgRequest->getIntOrNull( 'namespace' );
	if( !is_null( $nameSpace ) ) {
		$nameSpace = intval( $nameSpace );
		$nameSpaceClause = " AND rc_namespace = $nameSpace";
	} else {
		$nameSpace = '';
		$nameSpaceClause = '';
	}
	
+	global $wgExtraNamespaces;

+	foreach ( $wgExtraNamespaces as $num => $title ) {
+		if (!namespaceIsVisible($num)) {
+			$nameSpaceClause .= ' AND rc_namespace != ' . $num;
+		}
+	}

Special:Wantedpages[edit]

patch
file includes\SpecialWantedpages.php
function formatResult
description avoids entries of protected pages appearing in wanted changes
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
+		global $wgLang;
+		if ( namespaceIsVisible( $result->namespace ) ) {
			$title = Title::makeTitleSafe( $result->namespace, $result->title );
			…
+		}
	}

Special:Logs[edit]

patch
file includes\SpecialLog.php
function logLine
description avoids entries of protected pages appearing in the logs
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function logLine( $s ) {
		global $wgLang, $wgUser;;	
+		if ( namespaceIsVisible( $s->log_namespace ) ) {
			$skin = $wgUser->getSkin();
			…
+		}
	}

Categories[edit]

patch
file includes\CategoryPage.php
function addPage
description avoids entries of protected pages appearing in categories
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function addPage( $title, $sortkey, $pageLength ) {
		global $wgContLang;
+		if ( namespaceIsVisible( $title->getNamespace() ) ) {
			$this->articles[] = $this->getSkin()->makeSizeLinkObj( 
				$pageLength, $title, $wgContLang->convert( $title->getPrefixedText() ) 
			);
			$this->articles_start_char[] = $wgContLang->convert( $wgContLang->firstChar( $sortkey ) );
+		}
	}

Special:Prefixindex[edit]

patch
file includes\SpecialPrefixindex.php
function showChunk
description avoids entries of protected pages appearing in prefixindex
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
$out = '<table style="background: inherit;" border="0" width="100%">';

		while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) {
+			if ( namespaceIsVisible( $s->page_namespace ) ) {
				$t = Title::makeTitle( $s->page_namespace, $s->page_title );
				if( $t ) {
					$link = ($s->page_is_redirect ? '<div class="allpagesredirect">' : '' ) .
						$sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) .
						($s->page_is_redirect ? '</div>' : '' );
				} else {
					$link = '[[' . htmlspecialchars( $s->page_title ) . ']]';
				}
				if( $n % 3 == 0 ) {
					$out .= '<tr>';
				}
				$out .= "<td>$link</td>";
				$n++;
				if( $n % 3 == 0 ) {
					$out .= '</tr>';
				}
+			}
		}

Special:Mostlinked[edit]

patch
file includes\SpecialMostlinked.php
function formatResult
description avoids entries of protected pages appearing in most linked pages
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
                global $wgLang;

+                if ( namespaceIsVisible( $result->namespace ) ) {
                        $title = Title::makeTitleSafe( $result->namespace, $result->title );
                        $link = $skin->makeLinkObj( $title );
                        $wlh = $this->makeWlhLink( $title,
                                wfMsgExt( 'nlinks', array( 'parsemag', 'escape'),
                                        $wgLang->formatNum( $result->value ) ), $skin );
                        return wfSpecialList( $link, $wlh );
+                }
        }
}

Special:Listredirects[edit]

patch
file includes\SpecialListredirects.php
function formatResult
description avoids entries of protected pages appearing in list of redirects
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
		global $wgContLang;

+		if ( namespaceIsVisible( $result->namespace ) ) {

			# Make a link to the redirect itself
			$rd_title = Title::makeTitle( $result->namespace, $result->title );
			…
+		}
	}

Special:Linksearch[edit]

patch
file extensions\LinkSearch\LinkSearch_body.php
function formatResult
description avoids entries of protected pages appearing in Special:Linksearch – if you are using Extension:LinkSearch
author(s) WIKImaniac
date 2008-02-04
MediaWiki version 1.10.0
function formatResult( $skin, $result ) {
+		if ( namespaceIsVisible( $result->namespace ) ) {
			$title = Title::makeTitle( $result->namespace, $result->title );
			$url = $result->url;
			$pageLink = $skin->makeKnownLinkObj( $title );
			$urlLink = $skin->makeExternalLink( $url, $url );

			return wfMsgHtml( 'linksearch-line', $urlLink, $pageLink );
+		}
	}


Special:Contributions[edit]

patch
file includes\SpecialContributions.php
function formatRow
description avoids entries of protected pages appearing in list of contributions
author(s) Alchemist
date 2009-11-07
MediaWiki version 1.13.3
function formatRow( $row ) {
		wfProfileIn( __METHOD__ );

		global $wgLang, $wgUser, $wgContLang;

		$sk = $this->getSkin();
		$rev = new Revision( $row );
		# Patch inspired from http://www.mediawiki.org/wiki/Extension:Lockdown/hiding_pages
+		if ( namespaceIsVisible( $row->page_namespace ) ) {

			$page = Title::makeTitle( $row->page_namespace, $row->page_title );
			$link = $sk->makeKnownLinkObj( $page );
			$difftext = $topmarktext = '';
			...

			$ret = "<li>$ret</li>\n";
			wfProfileOut( __METHOD__ );
			return $ret;
+		}
	}

ImagePage.php[edit]

patch
file includes\ImagePage.php
function imageLinks
description avoids entries of protected pages appearing on image pages
author(s) Alchemist
date 2009-11-08
MediaWiki version 1.13.3
function imageLinks()
	{
		...
		$wgOut->addHTML( "<div id='mw-imagepage-section-linkstoimage'>\n" );
		$wgOut->addWikiMsg( 'linkstoimage', $count );
		$wgOut->addHTML( "<ul class='mw-imagepage-linktoimage'>\n" );

		$sk = $wgUser->getSkin();
		$count = 0;
		while ( $s = $res->fetchObject() ) {
			$count++;
			if ( $count <= $limit ) {
+				if ( namespaceIsVisible( $s->page_namespace ) ) {
					// We have not yet reached the extra one that tells us there is more to fetch
					$name = Title::makeTitle( $s->page_namespace, $s->page_title );
					$link = $sk->makeKnownLinkObj( $name, "" );
					$wgOut->addHTML( "<li>{$link}</li>\n" );
+				}
			}
		}
		$wgOut->addHTML( "</ul></div>\n" );
		$res->free();

		// Add a links to [[Special:Whatlinkshere]]
		if ( $count > $limit )
			$wgOut->addWikiMsg( 'morelinkstoimage', $this->mTitle->getPrefixedDBkey() );
	}

Namespace-Prefix in Login Page[edit]

patch
file includes\Title.php
function getNsText
description allows namespace to appear in you-need-to-login-page
author(s) mbr
date 2011-02-03
MediaWiki version 1.16.1
*** includes/Title.php.old	2011-02-04 17:27:22.000000000 +0100
--- includes/Title.php	2011-02-04 17:27:11.000000000 +0100
*************** class Title {
*** 551,557 ****
  				return MWNamespace::getCanonicalName( $this->mNamespace );
  			}
  		}
! 		return $wgContLang->getNsText( $this->mNamespace );
  	}
  	/**
  	 * Get the DB key with the initial letter case as specified by the user
--- 551,562 ----
  				return MWNamespace::getCanonicalName( $this->mNamespace );
  			}
  		}
! 		$nsText = $wgContLang->getNsText( $this->mNamespace );
! 		if (!$nsText && isset( $this->mNamespaceText)) {
! 			return $this->mNamespaceText;
! 		} else {
! 			return $nsText;
! 		}
  	}
  	/**
  	 * Get the DB key with the initial letter case as specified by the user
*************** class Title {
*** 2315,2320 ****
--- 2320,2326 ----
  					# Ordinary namespace
  					$dbkey = $m[2];
  					$this->mNamespace = $ns;
+ 					$this->mNamespaceText = $p;
  					# For Talk:X pages, check if X has a "namespace" prefix
  					if( $ns == NS_TALK && preg_match( $prefixRegexp, $dbkey, $x ) ) {
  						if( $wgContLang->getNsIndex( $x[1] ) )