Project:Support desk

Jump to: navigation, search

About this board

vde   Welcome to MediaWiki.org's Support desk, where you can ask MediaWiki questions!

There are also other places where to askCommunication: IRCCommunication#Chat, mailing listsMailing lists, Wikimedia Developer Support, Q&A, mwusers (unofficial forum) etc.

Before you post

Post a new question

  1. To help us answer your questions, please always indicate which versions you are using (reported by your wiki's Special:Version page):
    • MediaWiki
    • PHP
    • Database
  2. Please include the URL of your wiki unless you absolutely can't. It's often a lot easier for us to identify the source of the problem if we can look for ourselves.
  3. To start a new thread, click "Start a new topic".

I would like to get in contact with a wiki contributor

2
92.110.79.158 (talkcontribs)

Hello,

I'm an editor of a forthcoming book. I would like to use a picture for publication

I would like to get in contact with Wouter Hagens who is a contributor to wikimedia.

https://commons.wikimedia.org/wiki/User_talk:Wouterhagens

You can contact me on: image.requests.2018@gmail.com

Thanks,

Mark

AhmadF.Cheema (talkcontribs)

Have you already tried commenting on the user's talk page?

Reply to "I would like to get in contact with a wiki contributor"
Johnywhy (talkcontribs)

is there a way to obtain the section number of a section, if I know it's name?

My goal is to use API edit action on an existing section, but the edit action requires a section number.

API:Edit#Editing pages

Section name is allowed only for new sections. (i wish name was allowed for existing sections too).

Alternatively, is there a method to edit a section by name directly?

Might be relevant: https://m.mediawiki.org/wiki/Special:MyLanguage/API:Query#/talk/21

Reply to "API: Section Number From Name?"

Math extension error: API error: internal_api_error_DBQueryError

2
GEP316 (talkcontribs)
Malyacko (talkcontribs)

Feel free to file a bug report with exact MediaWiki and Math version information and steps to reproduce.

Reply to "Math extension error: API error: internal_api_error_DBQueryError"
Johnywhy (talkcontribs)

Is there an extension or native method (URL API, not php) to copy a file from a remote url to my mediawiki server?

i don't see anything like that on the API documentation.

Malyacko (talkcontribs)
Reply to "File-Copy Extension?"

Patches for Cross Scripting vulnerability

2
Cloudgurushiva (talkcontribs)

We are in the process of hosting a small community site and part of vulnerability scans, found these issues as below. Do you have any patches that I can run to avoid getting into issues of session cookie theft and other issues?

8 instances of this issue were identified, at the following locations:

  • /load.php [modules parameter]
  • /api.php [action parameter]
  • /api.php [formatversion parameter]
  • /api.php [iiprop parameter]
  • /api.php [meta parameter]
  • /api.php [name of an arbitrarily supplied URL parameter]
  • /api.php [prop parameter]
  • /api.php [titles parameter]
Malyacko (talkcontribs)

What **exactly** makes you think that there is some "Cross Scripting Vulnerability" somewhere? What is "Cross scripting"? If you meant "Cross-site scripting" (see https://en.wikipedia.org/wiki/Cross-site_scripting), have you found a specific testcase that you have tested yourself and could actively abuse? If that is the case, please see Reporting security bugs and include MediaWiki version information.

If this is just about the general API (which is not a vulnerability at all in itself), you can disable the API.

Reply to "Patches for Cross Scripting vulnerability"

Not Receiving Talk-Page Notifications

5
Johnywhy (talkcontribs)

i am subscribed to various talk pages (clicked star at page top).

But i do not receive notifications/alerts/alarms/what are they called?

How to fix?

AhmadF.Cheema (talkcontribs)

Does this happen always, or just sometimes?

Johnywhy (talkcontribs)

Not sure. Just noticed. I have received talk alerts in the past.

AhmadF.Cheema (talkcontribs)

Sometimes happen with my account too. Some notifications are never received and some are late.

Probably related to T190429.

Johnywhy (talkcontribs)

Currently, it seems i'm not receiving ANY talk alerts.

Reply to "Not Receiving Talk-Page Notifications"

Not succeccsfull with command $ php update.php

10
69.174.84.22 (talkcontribs)

Hello.

We downloaded the MediaWiki to the target directory C:\easyphp\www\mediawiki-1.30.0 ,

adjusted all settings and everything looks fine and running fine except the updates of articles are not going through. When we trying to update an article, it gives us an error [6464f5035f8355f1c3fe9341] 2018-05-08 22:33:01: Fatal exception of type "Wikimedia\Rdbms\DBQueryError"

I believe it's because we skipped one step which is to run php update.php command.

Our current PHP version on the server is 5.6.26

I downloaded PuTTY since we have Windows server, run it and tried under SSH in Remote Command line to run one by one two commands:

$ C:\easyphp\www\mediawiki-1.30.0 (to point to target dir with the most recent MediaWiki)

$ php update.php

but when I put these command into Remote command in PuTTY and press Enter or click button Open, nothing changed.

What I do wrong?

How I can succeed in PuTTY by executing these two command? Please let me know.

Thank you,

Alex FIlimonov

Malyacko (talkcontribs)

See Manual:How to debug for how to get a stacktrace for your fatal exception.

Your first "command" above is not a command. It is just the path of a location. You need to **go** to the folder where "update.php" is located and run your second command (php update.php") in that very folder.

69.174.84.22 (talkcontribs)

Where "update.php" is located in MediaWiki 1.30.0?

In main directory it does not exist.You have bunch of the files "update.php" in different directories in MediaWiki 1.30.0 by including one in folder "maintenance".

Which is correct one and from what folder or subfolder of MediaWiki I should use to?

Please let me know.

AhmadF.Cheema (talkcontribs)

The one in the folder: <Wiki_main_directory>/maintenance.

69.174.84.22 (talkcontribs)

Thank you for your answer!

I'm completely new with PuTTY, never used it previously.If for updating MediaWiki to 1.30.0 we should execute the command $php update.php (it's mentioned in your manuals as mandatory step), please help and let me know:

1) in what submenu/menu item in PuTTY I should place the path <Wiki_1.30.0_main_directory>/maintenance

2) in what submenu/menu item in PuTTY I should place the command $php update.php for execution?

Your helping is appreciated.Thank you very much!

Alex Filimonov

AhmadF.Cheema (talkcontribs)

First an SSH session will have to opened to your internet hosting provider through PuTTY, after which a terminal/command window will open up. The Update.php command will be entered inside this terminal.

To open an SSH session, you will require a Host Name (or IP address) from your hosting provider. For specific details, consult your provider's documentation regarding connecting through SSH (or see How to Use PuTTY on Windows).

69.174.84.22 (talkcontribs)

Hello Ahmad. Thank you for your reply!

It looks like you are talking about internet providers and using SSH but this is an onsite “Windows” install,

not LINUX/UNIX which you still seem to think it is. There is no SSH/port 22 connections on a Windows box.

I’m assuming there some other method of execution of the command php update.php located in maintenance directory of MediaWiki 1.30.0 I'm trying to do.

I have two questions.

1) After adding these lines into LocalSettings.php file in our local copy of MediaWiki 1.30.0

$wgShowDBErrorBacktrace = true;

$wgDebugDumpSql  = true;

error_reporting( -1 );

ini_set( 'display_errors', 1 );

I got the following details about the error by nit succeeding with an update of the article:

[5b281d44bdc6eec3ef30b391] /index.php?title=Main_Page&action=submit Wikimedia\Rdbms\DBQueryError from line 1149 of C:\easyphp\www\mediawiki-1.30.0\includes\libs\rdbms\database\Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading?

Query: INSERT INTO `ip_changes` (ipc_rev_id,ipc_rev_timestamp,ipc_hex) VALUES ('9394','20180516171141','v6-00000000000000000000000000000001')

Function: Revision::insertOn

Error: 1146 Table 'wikidb.ip_changes' doesn't exist (localhost)

Backtrace:

#0 C:\easyphp\www\mediawiki-1.30.0\includes\libs\rdbms\database\Database.php(979): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean)

#1 C:\easyphp\www\mediawiki-1.30.0\includes\libs\rdbms\database\Database.php(1589): Wikimedia\Rdbms\Database->query(string, string)

#2 C:\easyphp\www\mediawiki-1.30.0\includes\Revision.php(1528): Wikimedia\Rdbms\Database->insert(string, array, string)

#3 C:\easyphp\www\mediawiki-1.30.0\includes\page\WikiPage.php(1722): Revision->insertOn(Wikimedia\Rdbms\DatabaseMysqli)

#4 C:\easyphp\www\mediawiki-1.30.0\includes\page\WikiPage.php(1625): WikiPage->doModify(WikitextContent, integer, User, string, array)

#5 C:\easyphp\www\mediawiki-1.30.0\includes\EditPage.php(2204): WikiPage->doEditContent(WikitextContent, string, integer, boolean, User, string, array, integer)

#6 C:\easyphp\www\mediawiki-1.30.0\includes\EditPage.php(1514): EditPage->internalAttemptSave(array, boolean)

#7 C:\easyphp\www\mediawiki-1.30.0\includes\EditPage.php(667): EditPage->attemptSave(array)

#8 C:\easyphp\www\mediawiki-1.30.0\includes\actions\EditAction.php(60): EditPage->edit()

#9 C:\easyphp\www\mediawiki-1.30.0\includes\actions\SubmitAction.php(38): EditAction->show()

#10 C:\easyphp\www\mediawiki-1.30.0\includes\MediaWiki.php(499): SubmitAction->show()

#11 C:\easyphp\www\mediawiki-1.30.0\includes\MediaWiki.php(293): MediaWiki->performAction(Article, Title)

#12 C:\easyphp\www\mediawiki-1.30.0\includes\MediaWiki.php(851): MediaWiki->performRequest()

#13 C:\easyphp\www\mediawiki-1.30.0\includes\MediaWiki.php(523): MediaWiki->main()

#14 C:\easyphp\www\mediawiki-1.30.0\index.php(43): MediaWiki->run()

If this error can be fixed by running $ php update.php on our server then why not on the Windows server where our wiki located

to execute in Command Line of DOS session the command C:\PHP\php.exe "C:\easyphp\www\mediawiki-1.30.0\maintenance\update.php"?

Will it work, Ahmed?

C:\PHP\ - is the directory to where our PHP installed,

C:\easyphp\www\mediawiki-1.30.0\ - is the directory to where your MediaWiki 1.30.0 was downloaded.

Are any parameters required, Ahmed? If this will not fix our problem then how to fix it?

2) Is it completely safe to execute this command since our current wiki is 1.26 and we work with current MySQL tables for 5 yeas without any issues.

Ahmed, please provide your answers/comments to these questions 1) and 2) listed above.

Thank you,

Alex Filimonov

AhmadF.Cheema (talkcontribs)

I mentioned PuTTY, because your directly previous comment asked about it.

1) I've never personally tried this, but this is probably how the maintenance script should be run on local Windows. Also appear to have worked for Manual talk:Maintenance scripts#How else to run update.php?.

2) Shouldn't be an issue, but maybe wait for someone more knowledgeable to comment. Additionally, you should always have a complete backup at hand, before upgrading.

69.174.84.22 (talkcontribs)

Hi. thank you for your reply!

I guess we completed upgrade MediaWiki on our server to the version 1.30.0. It looks like everything is working fine besides of one thing - it's still shown about 15 vulnerabilities related to our current PHP version 5.6.26.In PHP vulnerabilities it's shown different alerts are shown in PHP before 5.6.28 and 7.x before 7.0.13

To get rid of these PHP vulnerabilities can we 1) upgrade just PHP version on our server to version 7.2.6 or 7.1.18, which one is compatible with the MediaWiki 1.30.0 currently we have?

2) Where is the document that describes just PHP version upgrade on the server?

Please let us know. Thank you!

Alex

AhmadF.Cheema (talkcontribs)

See Compatibility#PHP. Google will probably lead you to the relevant documentation regarding PHP upgrade. for your configuration.

Reply to "Not succeccsfull with command $ php update.php"

How do I have my MediaWiki account here deleted?

4
Anthonyhobday (talkcontribs)

I've never made a contribution to mediawiki.org other than to post here in the Support Desk, so I don't think deleting my account will have any of the "serious effects" that I've seen mentioned when I've searched for this issue.

How do I delete my account?

CayceP (talkcontribs)
Anthonyhobday (talkcontribs)

Thanks for the reply, CayceP. Are you saying that it's not possible to have my account on Mediawiki.org deleted?

I'm happy to have my account merged with some kind of Anonymous account, if that helps. I just don't want my details in the Mediawiki database.

AhmadF.Cheema (talkcontribs)
Reply to "How do I have my MediaWiki account here deleted?"

I want to upload in my club's wikipage the image of the shield of my club and Wikipedia doesn't allow me!

3
JuntaJuniorFC (talkcontribs)

Can you please help me to know what is going on and let me upload?

TheDJ (talkcontribs)

Sorry, this helpdesk does not deal with issues regarding Wikipedia, only with questions about the software product MediaWiki of which Wikipedia is only 1 of many installations. Please direct your question to Wikipedia itself.

JuntaJuniorFC (talkcontribs)

Sorry and thank you for your message

92.239.152.76 (talkcontribs)

I'm struggling to find ANYTHING related to how MediaWiki will be updated for GDPR compliance.

I really don't want to have to remove my wiki, but I can't find anything to help with this.

Malyacko (talkcontribs)

You could explain why exactly you think that you'd have to "remove your wiki" because of which specific aspect of the GDPR.

2001:16B8:10E3:E700:BCD7:8BBA:F67D:B20B (talkcontribs)

In how far should MediaWiki be affected by the GDPR? MediaWiki only is a tool, which allows putting arbitrary data in it. MediaWiki itself however does not contain any restrictions, what kind of data that might be and for the developers of the MediaWiki software it is impossible to control, what a single installation might be used for.

The users are responsible for the content they are putting up in their wikis. This content then could be affected by the GDPR. However, this data also would be affected, if put up inside a different tool, e.g. inside a WordPress blog or inside a Drupal installation.

92.200.127.85 (talkcontribs)

My concern is how personal data, once saved in MediaWiki, can be removed after a personal request. The "eternity" of revisions, the ability to "never forget" is a main topic for with MediaWiki. In Drupal and in WordPress you would delete a node or a post, and the content is gone. As we all know wikis work different. Maybe how wikis work is as a concept itself non-compliant with the GDPR, we'll see.

Moreover, WordPress releases these days a new version, where users have the ability to request a copy of all of THEIR special content provided to a certain platform and are able to download their "contribution package" afterwards. What will Mediawiki do, if a contributor does a request like this, pointing to GDPR?

This is how MediaWiki is affected by GDPR.

Penguin Waddles (talkcontribs)

What a website running MediaWiki does in response to a GDPR request to delete information or request a copy of all information depends on the owner of the website and his/her jurisdiction. MediaWiki has no easy built-in way to comply.

If someone was to submit a request to me, I'd ignore it because I'm in the US and despite what the EU claims, I'm not subject to any laws but US laws. All foreign court orders can be ignored too. So to Americans and others outside the EU, the GDPR really is a non-issue.

TheDJ (talkcontribs)

> So to Americans and others outside the EU, the GDPR really is a non-issue.

The "non-issue" part, sort of depends on if you want to be able to set foot in the EU at some point later in your life. Just something to consider.

Rocketpipe (talkcontribs)

The problem i see is that mediawiki stores user attributes and does not give the user control of how the attributes are used. Consider just the user name - it is attached to every edit made by the user. The user has no ability to remove any of those references.

It might be sufficient if the user was told of this limitation at the time that they selected their username.

CayceP (talkcontribs)

I too was looking on finding any information whether MediaWiki is GDPR compliant and whether the privacy statements needs to be changed. Even Wikipedia doesn't seem up to the par regarding this topic (somebody raised the issue back in February on the Wikipedia Mailing list), see https://www.quora.com/In-GDPR-what-will-happen-with-sites-like-Wikipedia-regarding-the-EU-regulation-in-terms-of-personal-information and https://lists.wikimedia.org/pipermail/mediawiki-l/2018-February/047224.html

Another issue could be that the account e-mail addresses are stored in MySQL databases unencrypted/in plain text.

This post was hidden by 196.72.158.67 (history)
92.200.127.85 (talkcontribs)

No, the problem is not that email addresses are stored, the problem arises if a user wants his data deleted or handed over. No consent is eternal due to GDPR, if you need consent from users to save their data, they have the right to revoke at any time.

Penguin Waddles (talkcontribs)

How do you propose enforcing such a "right" against a foreign website outside the EU's jurisdiction?

TheDJ (talkcontribs)

Every user can delete his or her email adres, simply by blanking it in the preferences. E-mail addresses are not required in MediaWiki.

Also, with regard to Wikipedia, when people use the site, they release their contributions under a license, which you could consider to be a legally binding contract. Now in the EU, if I go to a company, and tell them i want them to delete all their contracts with my name in them, i'm pretty sure that even under GDPR, you can pretty much ignore this.

Now I realize that not everyone has a WMF type of setup. However. Mediawiki is a tool and it has no requirement on you to make it 'easy' to comply with GDPR. If you need to go into the database to blank the text of a revision, well you can do that, no problem.

Ciencia Al Poder (talkcontribs)

The user is able to remove the consent by entering in their Special:Preferences and unset the email AFAIK

CayceP (talkcontribs)

I'm not a lawyer but was appointed DPO by my company and I spent the last weeks and months with this topic:

  • Old, existing laws (like the Cookie policy) are still applicable when GDRP become effective (as it has been for the last two years). So if your Wiki's server is located in the EU and/or you are catering to EU based users, you may want to use Extension:CookieWarning, if you aren't already. Text of warning/explanation may have to modified accordingly.
  • GDRP demands implementation of "appropriate, cost-effective controls" to protect the personal data of EU residents. It's still debated whether GDRP demands encryption, per se. Text uses words "such as encryption", "may include encryption", "as appropriate (...)pseudonymisation" etc. so this are more suggestions than a demand For SEO reasons and because Google Chrome will marks web pages without SSL/TLS certs as "not secure" soon, you may want to use a SSL certificate for your wiki anyway. Maybe your hoster can offer free Let's encrypt certs?
  • If your wikis' SQL DB is breached, you have to inform authorities and your users which information wereaffected/stored (usually IP address for all editors) and e-mail address, user names First and last name if you request them from your user for logged users) (see GDPR Article 34).
  • You may want to ask your users whether they are older than 16 years upon sign-up or if they have the consent by their parents.
  • I would update the wiki privacy, if not done already, that IP address (for all editors), E-mail addresses and User names (for registered users) are stored which is technically required for tracking and roll back of edits and that user agree to that upon sign-up or editing your wiki, that who they have to contact if they want to have their account deleted.
  • I would add the part with unset e-mail as mention above. Since an e-mail address is not required for registering this may only affect wikis that use emailconfirmed for editing privileges (for example for Anti Spam measures, YMMV).
  • I would also add the name of an Admins/Mod(s) on the privacy article in case somebody wants information about their stored data. I would add link how they can close their account.
  • Also add which data protection legal authority is responsible for your country/(or federal state like in Germany), this is also required by GDPR,
RichardHeigl (talkcontribs)
2001:16B8:10A7:6100:2D06:C123:4B0A:AC40 (talkcontribs)

Let me just make up an example:

First we assume you have to act according to GDPR.

A user of your wiki has put the full name and address of a random person into your wiki. After this has happened,

  • new revisions of the page have been created and
  • say the page has been moved (= published at another URL).

The affected person now

  • wants to have a copy of all the information you are storing about him/her. And
  • he wants to have all this data removed.

How can this be done?

TheDJ (talkcontribs)

I think this is a bit of a fallacy. This discussion depends much more on what you are doing with the technology than on the technology you are using. And i'll show you why: How do you do the same, for an article the LA times has written on someone ?

Good luck finding all instances of that one specific person (who shares a name with many other people) among all the people that the LA times has ever written something about.

Some things are just hard. And since the wiki is designed as a general, public, publishing tool this problem you posed, is in this case hard. I understand looking for an easy solution, but to some degree, this is like asking a manufacturer of a book press to solve your GDPR problem.

CayceP (talkcontribs)
Antonioagar1 (talkcontribs)

Sorry I am a bit confused. In my case, just registered users entered manually by the administrator can contribute. As far as I know, under GDPR they should give permission to store their data - personal names and emails in this example, we don't have anything else. It would be great it they can tick a "consent" box when they log in for the first time, but I am bit lost. What do you think I should include?

TheDJ (talkcontribs)

@Antonioagar1 This depends more on how you got these email addresses to begin with. You should gather that consent at the moment you collect the email address, not when you create the account for them. Now to retro actively do that now, since you didn't do it before, THAT I can understand, but you can write your own extensions for that of course.

I'm just slightly annoyed here by all these companies that apparently use open source software for their business, don't contribute to the product, and now that you have a problem with how you run your business, it needs to be solved for you, by volunteers here, so that you can keep running your business. I don't mean to offend, but that is sort of what it feels like from this side of the aisle.

Reply to "GDPR compliance"