Difference between revisions of "User:Barre/MediaWiki"

From KitwarePublic
Jump to navigationJump to search
Line 3: Line 3:
* Check [[User:Barre/MediaWiki/Extensions|my extensions]]
* Check [[User:Barre/MediaWiki/Extensions|my extensions]]
* [http://en.wikipedia.org/wiki/User:Pilaf/Live_Preview Live Preview] is an extension to Wikipedia's edit page which allows you to generate instant previews of the page you're editing.
* [http://en.wikipedia.org/wiki/User:Pilaf/Live_Preview Live Preview] is an extension to Wikipedia's edit page which allows you to generate instant previews of the page you're editing.
* [http://meta.wikimedia.org/wiki/Category:Mediawiki_Extensions Mediawiki Extensions]


==Installation==
==Installation==

Revision as of 22:22, 13 April 2005

Extensions

Installation

  • PHP: fopen() does not seem to work quite well with PHP 4.3.3 on Win32 (failed to open stream: no suitable wrapper could be found). Use 4.3.10 instead.

Configuration

Editing

ACL

I had the feeling the <LocationMatch> directive would provide a way to protect a sub-section of a MediaWiki. For example, the following code requires a valid authenticated user to access any page matching the (.*)[kK]wGrid.?Private(.*) regexp.

<LocationMatch "(.*)[kK]wGrid.?Private(.*)">
  AuthName "kwGrid private section"
  AuthType Basic
  AuthUserFile /projects/KitwareWeb/restricted_accesses/wiki/kwGrid/passwd
  require valid-user
</LocationMatch>

The above code triggers a password-based authentication for any page matching the kwGrid:Private prefix, thus restricting access to a virtual sub-section or sub-directory under kwGrid:Private. For example, http://public.kitware.com/Wiki/KwGrid:Private/Welcome. It also matches any files prefixed with kwGridPrivate.

Sadly, this is flawed. The <LocationMatch> directive matches an URL, but does not match the query string. Thus, there is no way to restrict access to a page when it is accessed using any of the history/diff/edit/move action. For example, http://public.kitware.com/Wiki?title=KwGrid:Private/Welcome&action=edit gives unrestricted access to the page, since the http://public.kitware.com/Wiki URL does not match our regexp.

After some talk with the developpers, it seems MediaWiki is actually not designed to protect pages from being read.