Project:Support desk

Jump to: navigation, search

About this board

vde   Welcome to MediaWiki.org's Support desk, where you can ask MediaWiki questions!

There are also other places where to askCommunication: IRCCommunication#Chat, mailing listsMailing lists, Wikimedia Developer Support, Q&A, mwusers (unofficial forum) etc.

Before you post

Post a new question

  1. To help us answer your questions, please always indicate which versions you are using (reported by your wiki's Special:Version page):
    • MediaWiki
    • PHP
    • Database
  2. Please include the URL of your wiki unless you absolutely can't. It's often a lot easier for us to identify the source of the problem if we can look for ourselves.
  3. To start a new thread, click "Start a new topic".

Having trouble updating from 1.26.4 to 1.30

2
209.171.88.240 (talkcontribs)

Hello. I run a small wiki for a baseball league (wiki.bullleague.org) and I seem to be encountering problems upgrading to 1.30. If someone is able to assist I'd appreciate it. Please email: commish (at) bullleague.org

Thanks!

AhmadF.Cheema (talkcontribs)

Please make your queries directly on this forum here.

Reply to "Having trouble updating from 1.26.4 to 1.30"

How to make a MediaWiki website "more" compliant to GDPR?

18
Biologically (talkcontribs)

Though this question (topic) may seem as a duplicate of this previous topic (Topic:Ucy8sfl44i6n6i51) posted on Support desk but that contained more discussions on the effect of GDPR than how to make it compliant. So, thought of starting this thread in an attempt to list all the practicable methods to make a MediaWiki installation (website) "more" GDPR compliant.

Just to avoid confusion -

1. This topic is NOT on how to change MediaWiki software to make it GDPR compliant (if at all necessary), it is on any website build on MediaWiki software. So, this focuses on extensions, scripts, or anything you can think of that may make the website more GDPR compliant.

2. Absolute compliance is not possible on public MediaWiki websites, at least for the website administrators, as most of the content are posted by the users. So the title is how to make it “MORE” GDPR compliant.

3. Please try to suggest anything about general MediaWiki websites that can be a problem due to GDPR and all the possible ways to correct or at least circumvent this problem.

I request all the active members to please share your valuable thoughts on this matter.

P.S.

I found this support desk to be the most helpful and active part of this website, so decided to ask it here.

Biologically (talkcontribs)

One discussion from Topic:Ucy8sfl44i6n6i51 -

Problem (mentioned by @Rocketpipe) - the username is attached to every edit make by the user. The user has no ability to remove any of those references.

Possible solution (also suggested by @Rocketpipe) - It might be sufficient if the user is told of this limitation during the account creation process.

Biologically (talkcontribs)

From topic Topic:Ucy8sfl44i6n6i51

Problem (mentioned by @CayceP) - the account e-mail addresses are stored in MySQL databases unencrypted/in plain text.

Possible solution (suggested by @Ciencia Al Poder) - this should not be a problem, as

  1. the email addresses are accessed only by the system admin.
  2. MediaWiki software is able to decrypt the email addresses even if encrypted, to use them for sending emails.
  3. Anyone with access of MediaWiki code or shell can decrypt them using the software
  4. The users have control to see their email addresses and delete them if they want to.
Biologically (talkcontribs)

From Topic:Ucy8sfl44i6n6i51

Problem (anonymous user) - the problem arises when the user wants to delete or hand over their data.

Possible solution (suggested by @TheDJ) -

  1. a user can delete his/her email address by removing it in the preference. Email address is not required by MediaWiki.
  2. The user releases his/her contributions under the license mentioned in the specific website.
  3. Database user can delete a specific contribution if needed.
Biologically (talkcontribs)

A note - The requirement of email address during account creation can be specified by the system admin using localsettings.php. So, the first point in the solution may not be applicable to all websites.

CayceP (talkcontribs)

Please see my reply to the other topic (is there way to merge them?)

ETA: Copy and paste from the other thread:

I'm not a lawyer but was appointed DPO by my company and I spent the last weeks and months with this topic:

  • Old, existing laws (like the Cookie policy) are still applicable when GDRP become effective (as it has been for the last two years). So if your Wiki's server is located in the EU and/or you are catering to EU based users, you may want to use Extension:CookieWarning, if you aren't already. Text of warning/explanation may have to modified accordingly.
  • GDRP demands implementation of "appropriate, cost-effective controls" to protect the personal data of EU residents. It's still debated whether GDRP demands encryption, per se. Text uses words "such as encryption", "may include encryption", "as appropriate (...)pseudonymisation" etc. so this are more suggestions than a demand For SEO reasons and because Google Chrome will marks web pages without SSL/TLS certs as "not secure" soon, you may want to use a SSL certificate for your wiki anyway. Maybe your hoster can offer free Let's encrypt certs?
  • If your wikis' SQL DB is breached, you have to inform authorities and your users which information were affected/stored (usually IP address for all editors) and e-mail address, user names First and last name if you request them from your user for logged users) (see GDPR Article 34).
  • You may want to ask your users whether they are older than 16 years upon sign-up or if they have the consent by their parents.
  • I would update the wiki privacy, if not done already, that IP address (for all editors), E-mail addresses and User names (for registered users) are stored which is technically required for tracking and roll back of edits and that user agree to that upon sign-up or editing your wiki, that who they have to contact if they want to have their account deleted.
  • I would add the part with unset e-mail as mention above. Since an e-mail address is not required for registering this may only affect wikis that use emailconfirmed for editing privileges (for example for Anti Spam measures, YMMV).
  • I would also add the name of an Admins/Mod(s) on the privacy article in case somebody wants information about their stored data. I would add link how they can close their account.
  • Also add which data protection legal authority is responsible for your country/(or federal state like in Germany), this is also required by GDPR,
Biologically (talkcontribs)

Hi, you can copy-paste the reply here. So that all the answer can be found in one place. Thank you for the all the solutions suggested by you.

RichardHeigl (talkcontribs)
This post was hidden by Biologically (history)
CayceP (talkcontribs)

Thanks for Links for Wordpress. Unfortunately the automatically generated Privacy Statement in Wordpress 4.9.6 is currently only available in English :( . Better than nothing for Wordpress users, though. Jetpack has a GDPR generator of it's own, but also only in English at the moment.

Back to MediaWiki Topic: MediaWiki could use an extension where user can export their data (still to be defined what that would includes besides the username, IP address etc what additional information was stored, if the changes/edits would have to be included), similar to Wordpress - although given the nature of how wikis works this might become a major headache (basically if a editor decides to have their personal data scraped, which is their right to do so, this means Wiki admins would have to change the user name to some anonymized version like "deleted user" or something, same for edits that were done by not logged in users where the IP is shown). https://www.mediawiki.org/wiki/Extension:UserMerge might come in handy if one merges the user to an existing generic one set up by the Wiki Admin.

Which extension (if any) could one use if they want to edit the sign-up form (for example to add a check box that a user is older that 16 years or the add a link to the privacy statement? Semantic Forms?

Biologically (talkcontribs)

I agree to the problem with deleting a user's contributions - it leaves behind the username (or IP address if the user is not logged in) in deletion log - thus, is not a clean process.

Your solution using UserMerge extension is a good and easy process to delete the username.

The record of user's contribution in revision history can be deleted using the Manual:DeleteOldRevisions.php . Read this thread for more info - Topic:Tf2bj711f0x48dba .

Also Extension:DeletePagesForGood was recommended in the above thread, but I never used it - so don't know if it's effective.

Also you can directly delete from the database (though a bit risky).

Ciencia Al Poder (talkcontribs)

From what I can see (or what I can't see, to be more precise), WMF is handling GDPR with extreme secrecy, or is not going to be compliant on May 25.

No responses in mailing lists: https://lists.wikimedia.org/pipermail/mediawiki-l/2018-May/thread.html

Nothing in Phabricator. Nothing on this thread...

I wonder if WMF is excluded from compliance because it's not a for-profit company.

Biologically (talkcontribs)

Any software hosted in EU or has users in EU has to comply with GDPR according to the regulation. So, being a non-profit organization won't relieve them of this problem, I believe.

This post was hidden by AhmadF.Cheema (history)
Sturmjäger (talkcontribs)

They have to be compliant to GPDR, because they save personal data, regardless of wether they are a for-profit company or not (and they actually make profit thanks to donations).

CayceP (talkcontribs)

What Sturmjäger said. If you have a website located on a server in the EU or which may be accessed by people from the EU, you need to GPDR compliant since even IP addresses are considered data that is protected by that. Since you can't access a website without logging the IP address, your site also affected. (Even if you yourself are not logging the IP on your site, your hoster will in some log files you have no idea of.

Biologically (talkcontribs)
CayceP (talkcontribs)
Funnily enough, German Wikipedia doesn't show anything yet...
Reply to "How to make a MediaWiki website "more" compliant to GDPR?"
Rootievv (talkcontribs)

After the installation of mediawiki it shows me that error:

Warning: require(/users/myname/www/includes/resourceloader/ResourceLoaderContext.php) [function.require]: failed to open stream: No such file or directory in /users/myname/www/includes/AutoLoader.php on line 1264

Fatal error: require() [function.require]: Failed opening required '/users/myname/www/includes/resourceloader/ResourceLoaderContext.php' (include_path='.') in /users/myname/www/includes/AutoLoader.php on line 1264

I use the latest version of MediaWiki

Thanks

Reply to "MediaWiki first startup error"
Johnywhy (talkcontribs)

Is there an extension or native method (URL API, not php) to copy a file from a remote url to my mediawiki server?

i don't see anything like that on the API documentation.

Reply to "File-Copy Extension?"
Johnywhy (talkcontribs)

Is there a native or extension method to query XML or Json using Wikitext?

(without php)

Johnywhy (talkcontribs)
Alex Swak (talkcontribs)

Whenever I try to login I get this message:

"There seems to be a problem with your login session; this action has been cancelled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."

I'm using:

MediaWiki 1.29.1

PHP 5.6.32

MySQL 5.7

This is my website. I don't use caching.

AhmadF.Cheema (talkcontribs)
Alex Swak (talkcontribs)

I tried setting $wgSessionCacheType to every possible value. Didn't work.

AdamLacey (talkcontribs)

Did you manage to resolve this as I'm having the same issue when I recently restored a DB? I also then upgraded the site in a hope it would help but still no luck unfortunately

AdamLacey (talkcontribs)

Ignore me! I discovered it was because I had set the site to read only and then restored a DB after that!

I just commented out "$wgReadOnly = 'message'" and then it woked

Reply to "Can't login to my admin account"
Sturmjäger (talkcontribs)

I'm going to take over a wiki which is running with MediaWiki 1.25 and currently is relatively dormant, so there was no preparation for the GPDR, I'll update it to the latest version when I move it to my own server.

How can I make a MediaWiki-powered wiki compliant for the GPDR?

Since the wiki has been closed for IP edits since its creation, it should be much easier I think. However, the following things still have to be implemented in our wiki:

  • A way to export an user's saved data as an XML or JSON file
  • Terms of use which need to be accepted when creating an account (or possibly a bridge to WoltLab Suite, which is the software a forum cooperating with the wiki runs with, so that forum accounts can be used in the wiki)
  • Probably an overview for SQL commands to delete accounts

Do these things already exist, or if not, are these already in development (as extensions?) or do I have to use some workarounds/close the wiki for a while?

Reply to "GPDR in MediaWiki?"

$wgEnableAPI Still Required?

3
Summary by Johnywhy

$wgEnableAPI is true by default, deprecated, and will be removed in the next release

Johnywhy (talkcontribs)

This doc says $wgEnableAPI must be set to true.

Does that apply to ALL API calls?

I noticed i'm able to perform query API calls, but $wgEnableAPI does not appear in my LocalSettings.php.

Wargo (talkcontribs)

Default value (if not exists in localsettings) is true. After 1.31.0 this setting will be "deprecated" (going to be removed).

Ciencia Al Poder (talkcontribs)

$wgEnableAPI is true by default, deprecated, and will be removed in the next release

Installed MediaWiki -- told it to ask me more questions, do I need to check extensions that come with MediaWiki?

3
Banaticus (talkcontribs)

There are several extensions like RenameUser and ParserFunctions that say, "This extension comes with MediaWiki vWhatever and above. Thus you do not have to download it again. However, you still need to follow the other instructions provided." But in the MediaWiki installation, if I tell MediaWiki that I want it to ask me more questions, it asks if I want these extensions. If I check the box for these extensions, are they fully installed for me? Is checking the box superfluous?

AhmadF.Cheema (talkcontribs)

If you check the boxes those extensions will be "fully installed" (which in this case only means automatically adding the required 1-2 lines of code per extension inside the LocalSettings.php file).

Banaticus (talkcontribs)

Thanks!

Joshua Tan JT (talkcontribs)

Hi everyone,

Is there a way that I can open PDF or word files which I have embedded in the page in a new tab?

Thanks in advance!

AhmadF.Cheema (talkcontribs)
Reply to "Open file in new tab"