Last modified: 2014-02-14 21:54:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 17630 - Article.php should check permissions before advising
Article.php should check permissions before advising
Status: PATCH_TO_REVIEW
Product: MediaWiki
Classification: Unclassified
Page protection (Other open bugs)
1.16.x
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 11177 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-23 17:10 UTC by Dan Jacobson
Modified: 2014-02-14 21:54 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
showing login required page (101.36 KB, image/png)
2014-01-02 15:22 UTC, ziedas
Details
clear message of permission error (96.85 KB, image/png)
2014-01-03 10:22 UTC, ziedas
Details

Description Dan Jacobson 2009-02-23 17:10:42 UTC
Article.php returns noarticletext without checking
$wgNamespaceProtection.

This causes the user to see:
"There is currently no text in this page, you can search for this page
title in other pages _or edit this page_."

However, when he clicks that very "edit this page". He is told:
You do not have permission to edit this page, for the following reason:
You do not have permission to edit pages in the ... namespace.

"Bait and switch."

To reproduce, set e.g., $wgNamespaceProtection[NS_...]='*';
and visit some nonexistent page in that namespace.
Comment 1 Dan Jacobson 2009-05-30 23:14:56 UTC
More info:

In LocalSettings.php, do
foreach(array('createaccount','edit','createpage','createtalk')as $i){$wgGroupPermissions['*'][$i]=false;};

Now browse title=User_talk:NoPageHereYet&action=edit . You will encounter this message:

'nocreatetext' => '{{SITENAME}} has restricted the ability to create new
pages. You can go back and edit an existing page, or
[[Special:UserLogin|log in or create an account]].',

However such blanket statements need to check first if the user can
indeed edit an existing page, or create an account.

Now browse just title=User_talk:NoPageHereYet . You will get

'noarticletext' => 'There is currently no text in this page. You can
[[Special:Search/{{PAGENAME}}|search for this page title]] in other
pages, <span class="plainlinks"> [{{fullurl:Special:Log|page={{urlencode:{{FULLPAGENAME}}}}}}
search the related logs], or [{{fullurl:{{FULLPAGENAME}}|action=edit}}
edit this page]</span>.',

Here again, they might not have permission to "edit this page", so there
ought to be a check before saying so.
Comment 2 Dan Jacobson 2009-05-30 23:17:45 UTC
*** Bug 11177 has been marked as a duplicate of this bug. ***
Comment 3 apsdehal 2013-12-14 17:41:48 UTC
I have a doubt if the page isn't created can't only the permissions be set on create?
If possible kindly provide a link of this kind of page.
Comment 4 Dan Jacobson 2013-12-14 22:55:57 UTC
I'm sorry I can't help on this any more. I am now busy doing other things.
Comment 5 ziedas 2014-01-02 15:22:11 UTC
I think it is no longer an issue. 
I put $wgGroupPermissions['*']['edit'] = false;

and it says

WIKI NAME has restricted the ability to create new pages. You can go back and edit an existing page, or log in or create an account.
screenshot attached
Comment 6 ziedas 2014-01-02 15:22:48 UTC
Created attachment 14212 [details]
showing login required page
Comment 7 Dan Jacobson 2014-01-02 17:10:15 UTC
Well then I guess it must be fixed now.
Comment 8 Gerrit Notification Bot 2014-01-03 10:18:32 UTC
Change 105158 had a related patch set uploaded by Cargan:
bug 17630 fix; added aditional check if anonymous user can create/edit none existing page, if not display permission error

https://gerrit.wikimedia.org/r/105158
Comment 9 ziedas 2014-01-03 10:21:35 UTC
I added a patch. Screenshot provided.
Comment 10 ziedas 2014-01-03 10:22:07 UTC
Created attachment 14218 [details]
clear message of permission error
Comment 11 Gerrit Notification Bot 2014-01-03 11:56:24 UTC
Change 105167 had a related patch set uploaded by Cargan:
(bug 17630) Add edit page permission check

https://gerrit.wikimedia.org/r/105167
Comment 12 Gerrit Notification Bot 2014-02-14 21:54:01 UTC
Change 105167 had a related patch set uploaded by Nemo bis:
Add edit page permission check

https://gerrit.wikimedia.org/r/105167

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links