thing I can tolerate.
Funny, I figured that would be the worst part. But I guess if you've
got total control over who has editing rights anyway (a CMS-style
environment, rather than a truly wiki-ish one), this isn't such a big
deal after all.
If it turns out, that I'm using the whole day on removing malicious category
links, I'll think about another solution :-)
I'm pretty sure it's the other way around -
the "parser" has to go
through the wikitext, and pick out any category links it finds; these
are then plonked in the database for other use if the page is being
saved. On preview, they're just added in the little box at the bottom
of the page, without the database being updated.
I guess it works more like 1. grabbing all the wiki text, from DB _and_ from
the user's edit form, then 2. pass it to the parser. That's why a check of
the access rights in a function that only grabs from DB isn't sufficient...
$wgOut (the instance of OutputPage.php)
Yes, that's the key. The very last action of index.php is to call
$wgOut->output(), so I copied my (slightly modified) quickhack code to this
function and it seems to work.
So we got three places to modify:
includes/Title.php prevent access for default view, editing, diff
includes/OutpuPage.php prevent access in case of preview of templates
LocalSettings.php define access rights
includes/OutputPage.php, line 370 (function output() at the beginning):
# inserted by m:o
// get categories as array
$parentCategories = $this->getCategoryLinks();
if( !empty($parentCategories) ) //prevents php warning for uncategorized pages
// go through all categories wich have restrictions
foreach( $wgRequireUser as $category => $requiredUser )
// go through all categories to which a page belongs to
foreach( $parentCategories as $key => $siteCategoryLink )
// is the page in a category that is restricted?
// strip_tags gets rid of the <a href...>
if( $category==strip_tags($siteCategoryLink) )
// ...then check, whether the user is the right one!
$user = $wgUser->getName();
$isUsrAllowed = preg_match("/\b$user\b/", "$requiredUser");
// not the right one? -> go away!
if( $isUsrAllowed!=1 )
// don't show any categories on the 'login required'-page
$this->mCategoryLinks = array();
$this->mBodytext .= '<br><br>Wenn du von einer Bearbeiten-Seite
gelandet bist, hast du versucht, ein geschuetztes template einzubinden.
Benutze den Zurueck-Button in deinem Browser!<br><br>If you ended up here
coming from an editing site, you have tried to use a protected template.
Please use the back button of your browser!';
# /inserted by m:o
includes/OutputPage.php, line 623 (function loginToUse()):
//comment the following:
$this->returnToMain(); # Flip back to the main page after 10