Project:Support desk

Jump to: navigation, search

About this board

Edit description
vde   Welcome to MediaWiki.org's Support desk, where you can ask MediaWiki questions!

There are also other places where to askCommunication: IRCCommunication#Chat, mailing listsMailing lists, Q&A etc.

Before you post

Post a new question

  1. To help us answer your questions, please always indicate which versions you are using (reported by your wiki's Special:Version page):
    • MediaWiki
    • PHP
    • Database
  2. Please include the URL of your wiki unless you absolutely can't. It's often a lot easier for us to identify the source of the problem if we can look for ourselves.
  3. To start a new thread, click "Start a new topic".
By clicking "Add topic", you agree to our Terms of Use and agree to irrevocably release your text under the CC BY-SA 3.0 License and GFDL
SirLouen (talkcontribs)

Can I use a translated Page as an Interlanguage link?

For example, if I have the page wiki.com/Page1/

and the translated page is wiki.com/Page1/es

Can I use it in the interlaguage link list (bottom left, "In other languages")

Reply to "Translated Page as Interlanguage link"

Best practice to hide the open port from node.js /parsoid API

1
AL Bremen (talkcontribs)

Hi, i have installed Mediawiki 1.29 on an Apache 2 with php7.0,mariadb and the extension Visualeditor.

The VisualEditor needs parsoid / node.js.

It works all fine.

But now i have an open Port (8000) with the API service.

How can i hide this port? Or how can i make it secure, that the api is not accessible from the internet?

It seems for me, that the visualEditor demo from the MediaWiki site dont have an extra Port open.

Is there a proxy between?

Nice greetings, André

Reply to "Best practice to hide the open port from node.js /parsoid API"

There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again.

6
12.197.215.194 (talkcontribs)

I have just set up MediaWiki (1.29.0) on an AS400 IBM i machine. Though I can navigate the site, as well as create/edit pages, I cannot log in or create a new account. Every attempt to do so gives me "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."

I have tried adding "session_save_path("tmp");" to LocalSettings.php, as well as play with values of $wgMainCacheType and $wgSessionCacheType with no luck. Currently, my shared memory settings in LocalSettings.php have only these two lines:

$wgMainCacheType = CACHE_ACCEL;

$wgMemCachedServers = [];

How can I fix this? I believe my CSRF token is not being correctly cached in my session, but I'm not sure how to correct it.

I am using MariaDB as a database, Apache for the server, and PHP 5.5.37.

Ciencia Al Poder (talkcontribs)

If you have $wgMainCacheType = CACHE_ACCEL; you should provide a persistent data storage in $wgSessionCacheType

12.197.215.194 (talkcontribs)

I have $wgSessionCacheType = CACHE_DB;

I've been able to look into my objectcache table, and found that MWSession is being stored correctly, (as in it's the same value as <my-wiki>_session in the response header's cookie). Is there another location where that value is written/read? I figure since I know it's being cached, but my comparison is still failing, that the fault is probably in getting/setting whatever value the cached token checks against, right?

Also, for what it's worth, I've since tried installing MediaWiki using version 1.27.3, but I'm still facing the same problem.

12.197.215.194 (talkcontribs)

Another update: I've been fiddling with the source code to see if I can narrow down where my problem is occurring. This is what I'e found:

AuthManagerSpecialPage::trySubmit() is where the token mismatch is caught. $requestTokenValue and $sessionToken are not the same

setting $secret in Token::__construct to some constant allows me to sidestep the "hijacking" error, but in it's place is the error "Cookies may be disabled. Ensure you have cookies enabled start again" (my cookies are enabled), as well as the warning "You are already logged in as <username>. Use the form below to log in as another user" ("log in" changes to "sign out", but navigating away from the page at all signs me out). Supplying an incorrect password or username yields the appropriate error there, so WikiMedia is correctly able to check my credentials.

Obviously, making $secret a constant wasn't going to solve my problem, but hopefully faking it through the first error can shed some more light on what's actually going wrong.

Ciencia Al Poder (talkcontribs)

Be sure that session.referer_check is set to Off in php.ini, this can cause such invalid session problems.

setting a debug log may give some details.

12.197.215.194 (talkcontribs)

I have set session.referer_check to Off (it wasn't set before), but there is no change in behavior.

Reply to "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."

Dynamically generating JavaScript but using ResourceLoader?

2
Richcoups (talkcontribs)

Is there a way to dynamically generate the JavaScript that's to be loaded for a page (e.g. the script uses the current page's title) yet use ResourceLoader? Right now I'm using:

$output = RequestContext::getMain()->getOutput();

$output->addModules('ext.JSRun');

and ext.JSRun is defined in extension.json ResourceModules to be a "script.js" in the extension directory. Problem is, it's going to load the same script every time without a way to customize it using PHP for every page.

I could use the makeInlineScript function in ResourceLoader, but inline scripts aren't recommended. Is there a better way to approach the problem?

Ciencia Al Poder (talkcontribs)

Use a hook and add the necessary logic to call $output->addModules('ext.JSRun'); only when needed

Reply to "Dynamically generating JavaScript but using ResourceLoader?"

Extension CentralNotice not working on MediaWiki 1.26.3

2
194.8.223.8 (talkcontribs)

Hi there,

in short: The extension CentralNotice isnt working. Tried different versions, though they all need 1.26wmf9.

MediaWiki 1.26.3
PHP 5.6.22 (cgi-fcgi)
MySQL 5.5.25

It appears to be successfully installed, but if I click on "OK" on the Special:CentralNotice page, or try to reach templates aka Special:CentralNoticeBanners, I get following errors in the php.log from apache:

[21-Aug-2017 11:05:33 Europe/Berlin] PHP Fatal error: Call to undefined method WebRequest::getSession() in /export/*******/htdocs/mediawiki/mediawiki-1.26.3/extensions/CentralNotice/special/SpecialCentralNoticeBanners.php on line 58

[21-Aug-2017 11:06:56 Europe/Berlin] PHP Fatal error: Call to undefined method DatabaseMysql::isReadOnly() in /export/*******/htdocs/mediawiki/mediawiki-1.26.3/extensions/CentralNotice/special/SpecialCentralNotice.php on line 63

[21-Aug-2017 11:07:01 Europe/Berlin] PHP Fatal error: Call to undefined method WANObjectCache::makeGlobalKey() in /export/*******/htdocs/mediawiki/mediawiki-1.26.3/extensions/CentralNotice/includes/ChoiceDataProvider.php on line 38

Any suggestions / explanations what's wrong and what to do?

Reception123 (talkcontribs)

Unfortunately, 1.26 is no longer a supported version of MediaWiki, so it is recommended that you upgrade MediaWiki instead, see Manual:Upgrading

Reply to "Extension CentralNotice not working on MediaWiki 1.26.3"

Attempting to login: "this action has been canceled as a precaution against session hijacking."

3
50.47.103.112 (talkcontribs)

I was going to make a quick edit, tried to log in and was shown this error. I tried creating an account (I may or may not have tried editing something on westeros.org before) but was told my username was taken, so I said forgot my password, got the email, used the temp password and got the same error.

A google search yields a ton of posts from people "installing" something (seems to be a wiki program to run their own wiki?) and getting this issue, but I'm only trying to log in from my browser. The email does say that my username is associated with my email, so I'm pretty someone didn't randomly take my username randomly, unless the email system is very confusing.

Thank you for any help with this!

50.47.103.112 (talkcontribs)

I also tried this with chrome, firefox and edge (shudder) with no improvement.

AhmadF.Cheema (talkcontribs)

This is likely a configuration issue with the Wiki set-up at westeros.org. This forum, however, is not linked to westeros.org, therefore it will probably be better to make your query at westeros' forum.

Reply to "Attempting to login: "this action has been canceled as a precaution against session hijacking.""
Ciciban (talkcontribs)

I just installed the math extension.

If I use the math-environment, it produces errors.

An empty math-environment will be processed correctly, but as soon as it gets any content, e.g. <math>a</math>, it produces error messages like

Datenbankfehler

Es ist ein Datenbankabfragefehler aufgetreten. Dies könnte auf einen Fehler in der Software hindeuten.

[c5d579b6c896fd685d557fa0] 2017-08-20 14:21:29: Fataler Ausnahmefehler des Typs „DBQueryError“

sudo -u www-data php update.php returned

MediaWiki 1.28.2 Updater

Your composer.lock file is up to date with current dependencies!

Set $wgShowExceptionDetails = true; at the bottom of LocalSettings.php to show detailed debugging information

Can you suggest me a solution?

Thank you in advance!

Yours, Ciciban (talk) 14:45, 20 August 2017 (UTC)

Ciencia Al Poder (talkcontribs)

DBQueryError... maybe you forgot to run update.php after installing math?

Also Set $wgShowExceptionDetails = true; at the bottom of LocalSettings.php to show detailed debugging information

Ciciban (talkcontribs)

Thank you for your answer.

I did run update.php, as i have mentioned above.

I have now added $wgShowExceptionDetails = true; to my LocalSettings and again run sudo -u www-data php update.php. This time it returned:

MediaWiki 1.28.2 Updater

Your composer.lock file is up to date with current dependencies!
[fca32ac38af55bce3e3aab88] [no req]   InvalidArgumentException from line 357 of /var/lib/mediawiki/includes/libs/rdbms/database/Database.php: Database::factory no viable database extension found for type 'mysql'
Backtrace:
#0 /var/lib/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php(852): Database::factory(string, array)
#1 /var/lib/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php(684): LoadBalancer->reallyOpenConnection(array, boolean)
#2 /var/lib/mediawiki/includes/libs/rdbms/loadbalancer/LoadBalancer.php(576): LoadBalancer->openConnection(integer, boolean)
#3 /var/lib/mediawiki/includes/GlobalFunctions.php(3075): LoadBalancer->getConnection(integer, array, boolean)
#4 /var/lib/mediawiki/maintenance/Maintenance.php(1250): wfGetDB(integer, array, boolean)
#5 /var/lib/mediawiki/maintenance/update.php(144): Maintenance->getDB(integer)
#6 /var/lib/mediawiki/maintenance/doMaintenance.php(111): UpdateMediaWiki->execute()
#7 /var/lib/mediawiki/maintenance/update.php(217): require_once(string)
#8 {main}

According to spezial:version my mediawiki version is 1.28.2 and my math extension is version 3.0.0 (1097ee7) 06:38, 1. Feb. 2017.

yours, Ciciban (talk) 12:17, 21 August 2017 (UTC)

Ciencia Al Poder (talkcontribs)

Oh sorry, I didn't read part of your message!

The command line php binary is using a different php.ini file than your web server, you need to enable the mysql extension in that php.ini too.

Reply to "<math>-Environment Produces Errors"
SMF0501 (talkcontribs)

The page for Howard Sloane (https://en.wikipedia.org/wiki/Howard_Sloane) shows that it is an orphan page but another page (https://en.wikipedia.org/wiki/The_Heckscher_Foundation_for_Children) does link to it. How do I fix this? Thanks.

2003:72:6D79:5800:9953:A9E7:1DB0:D728 (talkcontribs)

When I visit https://en.wikipedia.org/wiki/Special:WhatLinksHere/Howard_Sloane, the link from The Heckscher Foundation for Children is listed there. Also Special:LonelyPages does not list Howard Sloane.

Can you elaborate what you mean exactly? The information which pages link where is not updated immediately after an according page change, but it is processed by the job queue. It can take some time until the according job has been run. Has the issue fixed itself in the meantime?

SMF0501 (talkcontribs)

Hi. Thanks for your response. When you go to the Howard Sloane page, there is a message up top that says it is an orphan page. I want to fix that so the page's rating will go up. But you seem to suggest that it is not actually an orphan. I just don't know what to do. Thanks for your help.

Ciencia Al Poder (talkcontribs)

The message about the orphan page is placed by a template ({{Orphan|date=March 2014}}), just remove it if it doesn't apply anymore.

SMF0501 (talkcontribs)

Thanks Ciencia!

kerberos authentication failure: GSSAPI Failure: gss_accept_sec_context

6
Anu8791 (talkcontribs)

HI,

We are using SSO with MediaWIKI 1.25.3 with PHP 5.3.3 (apache2handler) , MySQL 5.1.73

Here, the issue is now we are facing kerberos authentication failure issue due to not using all below encryption types while generating the keytab.

Because, now IT infrastructure/AD team not allowed to use below mentioned weak encryption types while generating keytab.

Also it's being denied for the corporate policy. And we are only allowed to use below mentioned couple of strong encryption types.

N.B. Before the Kerberos authentication was working fine when the keytab is encrypted with all below 5 types of encryption methods.

Could someone please advise to resolve the kerberos authentication issue with an alternate solution would be greatly appreciated?

Weak encryptions:

DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-NT

Strong encryptions:

AES256-SHA1 | AES128-SHA1

Thank you in Adv..

Sanjay

Ciencia Al Poder (talkcontribs)

If I'm not mistaken, SSO with NTLM/Kerberos is done with IIS at the IIS level, MediaWiki doesn't handle the authentication at all, except that you need an extension handling auth_remoteuser. In your case I see you're using apache instead of IIS, but it should be handled the same, in the apache configuration there should be the configuration for Kerberos authentication.

You should be able to test it by enabling a debug log for MediaWiki and seeing that PHP and MediaWiki aren't called at all (nothing is written on the logs) when the authentication fails.

Anu8791 (talkcontribs)

Thanks for your quick response !

yes, we do use SSO with Kerberos. As I have disclosed, the configuration with Apache2 server is same as we earlier used and it's never changed.

But, we are now not encrypted with below types included in the keytab that is required to be configured in the Redhat Linux Server.

Weak encryptions:

DES-CBC-CRC | DES-CBC-MD5 | RC4-HMAC-NT

Also, I think we can't debug the application as of now we are getting Page can't be reached / Internal Server Error on webpage.

Could you provide the info related to the encryption types so that it would be authenticated by the KDC with below encryption types? Or how we will overcome with above error on webpage?

Strong encryptions:

AES256-SHA1 | AES128-SHA1

AKlapper (WMF) (talkcontribs)

For the records, MediaWiki 1.25.3 is an ancient unsupported software version with a good number of security issues. See https://www.mediawiki.org/wiki/Download and https://www.mediawiki.org/wiki/Manual:Upgrading

Anu8791 (talkcontribs)

For the information, earlier we did not experienced such Kerberos issues with installed MediaWiki 1.25.3. And we are coming with plan to upgrade MediaWiki 1.27.3 LTS version after fix the authentication issue.

Also, it's the issue with server level authentication(Kerberos) not with application level configuration.

The Scenario is like we are getting TGT from KDC while we initialize the keytab. But, its not authorized by Kerberos GSS-API and logged below error in the server.

"- kerb_authenticate_user entered with user (NULL) and auth_type Kerberos

- Acquiring creds for SPN : xxxxxxx

- Verifying client data using KRB5 GSS-API

- Client didn't delegate us their credential

- Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration."

As I already disclosed, weak encryption types are against the corporate policy and we are now unable to use them. Since then we are putting in such kerberos authentication issue.

If you could help in this regards ? or you could delegate same issue to the responsible Kerberos tech team to get the possible solution?

Thanks in Adv,

Sanjay

Ciencia Al Poder (talkcontribs)

The problem is with Apache, not MediaWiki (everything Kerberos-related configuration you have is probably in apache config files, not MediaWiki). You should ask in an apache forum where they should have better knowledge about the different encryption options you have.

Reply to "kerberos authentication failure: GSSAPI Failure: gss_accept_sec_context"

"$wgEnableScaryTranscluding = true" brings down wiki

4
Ciciban (talkcontribs)

Dear All

Here I got the advise to use Scary Transcluding to exchange content between wikis.

After a lot of confusion I understand now, that Extension:Interwiki will not make redundant to set "$wgEnableScaryTranscluding = true" in LocalSettings.php.

However, as soon as I set the command, my wiki will deliver an error screen with the following message:

Diese Seite funktioniert nicht

localhost kann diese Anfrage momentan nicht verarbeiten.
HTTP ERROR 500

Can you give me advise how to solve the problem or at least where to look for the cause?

Thank you in advance!

197.218.81.140 (talkcontribs)

That's why it is called scary transclusion. It is incredibly inefficient, and in fact, the variable itself is a way to scare off people from using it:

Manual:$wgEnableScaryTranscluding#Details

It might be better to use the mediawiki API and javascript to obtain content from another wiki.

Ciencia Al Poder (talkcontribs)

If your wiki breaks (any page) when you add that line in LocalSettings.php, then you've made a typo or syntax error when editing LocalSettings.php. Try to find the typo and fix it. Maybe you missed the semicolon at the end of the line?

Ciciban (talkcontribs)

@User:Ciencia Al Poder,
Thanks for reminding me of my fallibility. That restrains me from starting world wars and dooming innocent souls into purgatory. In rare cases, a closing semicolon is the better measure.
Yours, Ciciban (talk) 11:37, 21 August 2017 (UTC)