Last modified: 2011-03-13 18:05:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T11333, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 9333 - Cascading protection does not affect <includeonly> content
Cascading protection does not affect <includeonly> content
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
All All
: Lowest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
Blocks: 8575
  Show dependency treegraph
Reported: 2007-03-19 03:12 UTC by Jesse (Pathoschild)
Modified: 2011-03-13 18:05 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Jesse (Pathoschild) 2007-03-19 03:12:47 UTC
Cascading protection does not affect transclusions wrapped with <includeonly>,
which affects content in protected templates or pages like "Project:Protected
inexistent pages".
Comment 1 Andrew Garrett 2007-03-19 04:48:11 UTC
This is difficult to fix (the list of included templates is created in a parse
operation) and of limited value. The intention of the cascading page protection
feature is to protect a page against template vandalism, not to provide hacks to
protect non-existent pages. Protecting non-existent pages should be a separate

Propose WONTFIX.
Comment 2 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-03-20 00:50:21 UTC
It seems logical for cascade protection to work properly whether the page is transcluded or 
viewed directly.  The parse operation that generates the list shouldn't strip either <noinclude> 
or <includeonly> sections.  I'm surprised if we don't have an option for that lying around 
somewhere, but it seems logical to add if we don't.

I don't see what this has to do with protection of nonexistent pages (bug 2919)?
Comment 3 Andrew Garrett 2007-04-11 08:06:01 UTC
The intention of cascading protection is to protect the "final product" page -
the one displayed to the user... not the actual page text itself - the raw
content stored in the text table. To do this, the templates included on the page
need to be protected - but the ones in includeonly needn't be, because they're
not shown on the final page displayed to users. Anyway, as I said, this is a
fairly difficult bug to fix, because it involves re-parsing things, as opposed
to piggybacking off parse operations that would have occurred anyway (as the
behaviour is currently). This is problematic from a performance perspective.

As I'm not involved with the project in any meaningful way anymore, I shan't
close this. However, I would recommend it be closed as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.