Hi Rowan,
That's one thing I can tolerate.
Funny, I figured that would be the worst part. But I guess if you've got total control over who has editing rights anyway (a CMS-style environment, rather than a truly wiki-ish one), this isn't such a big deal after all.
If it turns out, that I'm using the whole day on removing malicious category links, I'll think about another solution :-)
I'm pretty sure it's the other way around - the "parser" has to go through the wikitext, and pick out any category links it finds; these are then plonked in the database for other use if the page is being saved. On preview, they're just added in the little box at the bottom of the page, without the database being updated.
I guess it works more like 1. grabbing all the wiki text, from DB _and_ from the user's edit form, then 2. pass it to the parser. That's why a check of the access rights in a function that only grabs from DB isn't sufficient...
$wgOut (the instance of OutputPage.php)
Yes, that's the key. The very last action of index.php is to call $wgOut->output(), so I copied my (slightly modified) quickhack code to this function and it seems to work.
So we got three places to modify:
includes/Title.php prevent access for default view, editing, diff includes/OutpuPage.php prevent access in case of preview of templates LocalSettings.php define access rights
------------------------ includes/OutputPage.php, line 370 (function output() at the beginning):
# inserted by m:o global $wgRequireUser;
// get categories as array $parentCategories = $this->getCategoryLinks();
if( !empty($parentCategories) ) //prevents php warning for uncategorized pages { // go through all categories wich have restrictions foreach( $wgRequireUser as $category => $requiredUser ) { // go through all categories to which a page belongs to foreach( $parentCategories as $key => $siteCategoryLink ) { // is the page in a category that is restricted? // strip_tags gets rid of the <a href...> if( $category==strip_tags($siteCategoryLink) ) { // ...then check, whether the user is the right one! $user = $wgUser->getName(); $isUsrAllowed = preg_match("/\b$user\b/", "$requiredUser");
// not the right one? -> go away! if( $isUsrAllowed!=1 ) { // don't show any categories on the 'login required'-page $this->mCategoryLinks = array();
$this->loginToUse(); $this->mBodytext .= '<br><br>Wenn du von einer Bearbeiten-Seite hier gelandet bist, hast du versucht, ein geschuetztes template einzubinden. Benutze den Zurueck-Button in deinem Browser!<br><br>If you ended up here coming from an editing site, you have tried to use a protected template. Please use the back button of your browser!'; } } } } } # /inserted by m:o
------------------------ includes/OutputPage.php, line 623 (function loginToUse()):
//comment the following: $this->returnToMain(); # Flip back to the main page after 10 seconds.
Cheers,
- Moritz