Last modified: 2010-01-16 23:33:09 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T21996, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 19996 - Namespace hiding on Special:Search
Namespace hiding on Special:Search
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Search (Other open bugs)
1.16.x
All All
: Normal enhancement (vote)
: ---
Assigned To: Brion Vibber
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-29 19:49 UTC by Platonides
Modified: 2010-01-16 23:33 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
mediawiki hooks (3.49 KB, patch)
2009-07-29 19:49 UTC, Platonides
Details
lockdown implementation (4.47 KB, patch)
2009-07-29 19:50 UTC, Platonides
Details

Description Platonides 2009-07-29 19:49:52 UTC
Created attachment 6399 [details]
mediawiki hooks

Special:Search has longtime been a hole for security extensions wanting to hide page content.
I provide here several new Search hooks to close that, when full namespaces are to be hidden, along the code for lockdown to make use of them.
Comment 1 Platonides 2009-07-29 19:50:19 UTC
Created attachment 6400 [details]
lockdown implementation
Comment 2 Brion Vibber 2009-07-30 16:55:13 UTC
I'm a bit leery of adding another hook point that would need to be handled and maintained... would it be better to stick with checking page permissions here, so only one point needs to be handled in the lockdown?
Comment 3 Platonides 2009-07-30 17:11:32 UTC
SearchGetNearMatchComplete could be handled directly by Special:Search (and SearchGetNearMatchBefore was added for completeness), but it's probably also interesting for extensions wishing to expand the Go options.

OTOH SearchEngineReplacePrefixesComplete and SearchableNamespaces are needed.
SpecialSearch already handles the case of going to show a page which you shouldn't see, by removing the sumamry and leaking just the title (if it removed the entry it would break pagination). Those two hooks adjust the namespaces where search is performed to include just those you are allowed to read.
Comment 4 Platonides 2010-01-16 23:33:09 UTC
Committed in r61150 & r61151

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links