User:Barre/MediaWiki

From KitwarePublic
Jump to navigationJump to search

Extensions

Installation

  • PHP: fopen() does not seem to work quite well with PHP 4.3.3 on Win32 (failed to open stream: no suitable wrapper could be found). Use 4.3.10 instead.

Configuration

Editing

ACL

I had the feeling the <LocationMatch> directive would provide a way to protect a sub-section of a MediaWiki. For example, the following code requires a valid authenticated user to access any page matching the (.*)[kK]wGrid.?Private(.*) regexp.

<LocationMatch "(.*)[kK]wGrid.?Private(.*)">
  AuthName "kwGrid private section"
  AuthType Basic
  AuthUserFile /projects/KitwareWeb/restricted_accesses/wiki/kwGrid/passwd
  require valid-user
</LocationMatch>

The above code triggers a password-based authentication for any page matching the kwGrid:Private prefix, thus restricting access to a virtual sub-section or sub-directory under kwGrid:Private. For example, http://public.kitware.com/Wiki/KwGrid:Private/Welcome. It also matches any files prefixed with kwGridPrivate.

Sadly, this is flawed. The <LocationMatch> directive matches an URL, but does not match the query string. Thus, there is no way to restrict access to a page when it is accessed using any of the history/diff/edit/move action. For example, http://public.kitware.com/Wiki?title=KwGrid:Private/Welcome&action=edit gives unrestricted access to the page, since the http://public.kitware.com/Wiki URL does not match our regexp.

After some talk with the developpers, it seems MediaWiki is actually not designed to protect pages from being read.

Changes I Made To This Wiki

  • LocalSettings.php:
# Extensions
include("extensions/kwIncludeFile.php");
include("extensions/kwArticleTimeStamp.php");
include("extensions/kwSiteMap.php");
include("extensions/kwBreadCrumbs.php");
  • includes/DefaultSettings.php:
$wgUseFileCache = false;
# Which namespaces should support subpages?
# See Language.php for a list of namespaces.
#
$wgNamespacesWithSubpages = array( -1 => 0, 0 => 1, 1 => 1, 2 => 1, 3 => 1, 4 => 0, 5 => 1, 6 => 0, 7 => 1, 8 => 0, 9 => 1, 10 => 0, 11 => 1);

$wgNamespacesToBeSearchedDefault = array( -1 => 0, 0 => 1, 1 => 0, 2 => 1, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 0, 8 => 0, 9 => 1, 10 => 0, 11 => 1 );
  • /etc/apache/httpd.conf
 # Rewrite http://wiki.domain.tld/article properly, this is the main rule
 # RewriteRule .*Wiki(.*) /Wiki/index.php$1 [L]
 # rewrite the "abusive" above rule so that it does not catch TWiki
 #  RewriteRule ^[^T]*Wiki(.*) /Wiki/index.php$1 [L]
 # The full path is need here ! Otherwise .*Wiki is too greedy
 # and there is no way you can have a page with the word Wiki in it
 RewriteRule ^.*projects/KitwareWeb/MediaWiki(.*) /Wiki/index.php$1 [L]

 RewriteCond %{REQUEST_URI} ^/Wiki/MediaWiki
 RewriteRule (.*) /Wiki/index.php?$1 [L]
 RewriteCond %{REQUEST_URI} ^/Wiki/config
 RewriteRule (.*) /Wiki/config/index.php?$1 [L]