From KitwarePublic
Jump to navigationJump to search


  • Check my extensions
  • Live Preview is an extension to Wikipedia's edit page which allows you to generate instant previews of the page you're editing.


  • PHP: fopen() does not seem to work quite well with PHP 4.3.3 on Win32 (failed to open stream: no suitable wrapper could be found). Use 4.3.10 instead.




I had the feeling the <LocationMatch> directive would provide a way to protect a sub-section of a MediaWiki. For example, the following code requires a valid authenticated user to access any page matching the (.*)[kK]wGrid.?Private(.*) regexp.

<LocationMatch "(.*)[kK]wGrid.?Private(.*)">
  AuthName "kwGrid private section"
  AuthType Basic
  AuthUserFile /projects/KitwareWeb/restricted_accesses/wiki/kwGrid/passwd
  require valid-user

The above code triggers a password-based authentication for any page matching the kwGrid:Private prefix, thus restricting access to a virtual sub-section or sub-directory under kwGrid:Private. For example, It also matches any files prefixed with kwGridPrivate.

Sadly, this is flawed. The <LocationMatch> directive matches an URL, but does not match the query string. Thus, there is no way to restrict access to a page when it is accessed using any of the history/diff/edit/move action. For example, gives unrestricted access to the page, since the URL does not match our regexp.

After some talk with the developpers, it seems MediaWiki is actually not designed to protect pages from being read.