Last modified: 2014-09-18 05:57:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T27976, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 25976 - Lockdown extension overrides wgGroupPermissions
Lockdown extension overrides wgGroupPermissions
Status: UNCONFIRMED
Product: MediaWiki extensions
Classification: Unclassified
Lockdown (Other open bugs)
unspecified
All All
: Normal critical (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-17 16:48 UTC by Björn von Prollius
Modified: 2014-09-18 05:57 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Björn von Prollius 2010-11-17 16:48:09 UTC
Although the header of Lockdown.php says "NOTE: you cannot GRANT access to things forbidden by $wgGroupPermissions. You can only DENY access granted there." the mere inclusion of Lockdown.php leads to this configuration being ignored:

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;

Any user has edit privileges when Lockdown is active.

This is discussed here: http://www.mediawiki.org/wiki/Extension_talk:Lockdown#Seconded_-_Overriding_.24wgGroupPermissions.3F
Comment 1 Björn von Prollius 2010-11-17 18:05:16 UTC
While digging deeper I think I found a hint on where the problem lies: the behaviour described above (Lockdown overriding <code>$wgGroupPermissions['*']['edit'] = false;</code>, thus anonymous users are able to edit) arises when a user was logged in before, but is not logged in anymore. May this be a session/cookie related problem?

When requesting the same page at the same time from the same machine but in another browser (which hasn't been used for logging into the wiki), then the any-user cannot edit the page.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links