Last modified: 2014-02-14 21:54:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19630, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 17630 - Article.php should check permissions before advising
Article.php should check permissions before advising
Status: PATCH_TO_REVIEW
Product: MediaWiki
Classification: Unclassified
Page protection (Other open bugs)
1.16.x
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 11177 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-23 17:10 UTC by Dan Jacobson
Modified: 2014-02-14 21:54 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
showing login required page (101.36 KB, image/png)
2014-01-02 15:22 UTC, ziedas 		Details
clear message of permission error (96.85 KB, image/png)
2014-01-03 10:22 UTC, ziedas 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Dan Jacobson 2009-02-23 17:10:42 UTC 
Article.php returns noarticletext without checking
$wgNamespaceProtection.

This causes the user to see:
"There is currently no text in this page, you can search for this page
title in other pages _or edit this page_."

However, when he clicks that very "edit this page". He is told:
You do not have permission to edit this page, for the following reason:
You do not have permission to edit pages in the ... namespace.

"Bait and switch."

To reproduce, set e.g., $wgNamespaceProtection[NS_...]='*';
and visit some nonexistent page in that namespace.
Comment 1 Dan Jacobson 2009-05-30 23:14:56 UTC 
More info:

In LocalSettings.php, do
foreach(array('createaccount','edit','createpage','createtalk')as $i){$wgGroupPermissions['*'][$i]=false;};

Now browse title=User_talk:NoPageHereYet&action=edit . You will encounter this message:

'nocreatetext' => '{{SITENAME}} has restricted the ability to create new
pages. You can go back and edit an existing page, or
[[Special:UserLogin|log in or create an account]].',

However such blanket statements need to check first if the user can
indeed edit an existing page, or create an account.

Now browse just title=User_talk:NoPageHereYet . You will get

'noarticletext' => 'There is currently no text in this page. You can
[[Special:Search/{{PAGENAME}}|search for this page title]] in other
pages, <span class="plainlinks"> [{{fullurl:Special:Log|page={{urlencode:{{FULLPAGENAME}}}}}}
search the related logs], or [{{fullurl:{{FULLPAGENAME}}|action=edit}}
edit this page]</span>.',

Here again, they might not have permission to "edit this page", so there
ought to be a check before saying so.
Comment 2 Dan Jacobson 2009-05-30 23:17:45 UTC 
*** Bug 11177 has been marked as a duplicate of this bug. ***
Comment 3 apsdehal 2013-12-14 17:41:48 UTC 
I have a doubt if the page isn't created can't only the permissions be set on create?
If possible kindly provide a link of this kind of page.
Comment 4 Dan Jacobson 2013-12-14 22:55:57 UTC 
I'm sorry I can't help on this any more. I am now busy doing other things.
Comment 5 ziedas 2014-01-02 15:22:11 UTC 
I think it is no longer an issue. 
I put $wgGroupPermissions['*']['edit'] = false;

and it says

WIKI NAME has restricted the ability to create new pages. You can go back and edit an existing page, or log in or create an account.
screenshot attached
Comment 6 ziedas 2014-01-02 15:22:48 UTC 
Created attachment 14212 [details]
showing login required page
Comment 7 Dan Jacobson 2014-01-02 17:10:15 UTC 
Well then I guess it must be fixed now.
Comment 8 Gerrit Notification Bot 2014-01-03 10:18:32 UTC 
Change 105158 had a related patch set uploaded by Cargan:
bug 17630 fix; added aditional check if anonymous user can create/edit none existing page, if not display permission error

https://gerrit.wikimedia.org/r/105158
Comment 9 ziedas 2014-01-03 10:21:35 UTC 
I added a patch. Screenshot provided.
Comment 10 ziedas 2014-01-03 10:22:07 UTC 
Created attachment 14218 [details]
clear message of permission error
Comment 11 Gerrit Notification Bot 2014-01-03 11:56:24 UTC 
Change 105167 had a related patch set uploaded by Cargan:
(bug 17630) Add edit page permission check

https://gerrit.wikimedia.org/r/105167
Comment 12 Gerrit Notification Bot 2014-02-14 21:54:01 UTC 
Change 105167 had a related patch set uploaded by Nemo bis:
Add edit page permission check

https://gerrit.wikimedia.org/r/105167
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links