Last modified: 2008-05-22 14:27:02 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T16222, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 14222 - The "Recent Change" page show changes even to all users
The "Recent Change" page show changes even to all users
Status: RESOLVED INVALID
Product: MediaWiki
Classification: Unclassified
Special pages (Other open bugs)
unspecified
All All
: Normal major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-22 12:53 UTC by Jérémie Grauer
Modified: 2008-05-22 14:27 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Jérémie Grauer 2008-05-22 12:53:49 UTC
Hi,

As discussed with RoanKattouw on irc, here is the bug report :

We have discovered a crucial bug : the "recent change" page show all the modification about our pages to all users (anonymous too), even critical pages protected by NamespacePermission.

Tested on mediawiki 1.6.8 and 1.11.2.

You can contact me on irc, I'm on the mediawiki chan 24h/24 by the alias Slashman if you need more details.

Regards,

Jeremie Grauer
Comment 1 Aaron Schulz 2008-05-22 14:24:47 UTC
Per page read restrictions are not at all supported. That's generally thrown in all the documentation too.
Comment 2 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-05-22 14:27:02 UTC
[[mw:Extension:NamespacePermissions]] is not an officially-maintained extension, so this is the wrong place.  Talk to its author, Petr Andreev, or post at [[mw:Extension talk:NamespacePermissions]].

Also see the GIANT RED WARNING on the top of that page:

"If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.

For further details, see [[mw:Security issues with authorization extensions]]"

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links