For version 0.4... On May 16, 2008, at 12:56 PM, DanTMan wrote: <extensive snipping below>
The extension does not handle user rights permissions correctly. For 1.12> it won't work correctly because it does not handle $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, and $wgGroupsRemoveFromSelf.
should be fixed via indirect use of changeableGroups()
And for 1.11 it is a security issue, because for $wgAddGroups and $wgRemoveGroups to work a user needs the userrights permission...
should be fixed via per previous message
Yup... Your setup of the special page is to. 'createuser' isn't a good permission to base on.
won't change due to Vampire considerations described previously, unless there's an alternative solution.
And there's some hardcoding of group names, and it's likely that checkboxes are not going to be rendered correctly when anything other than the default groups are used.
fixed, again taking advantage of changeableGroups
The handling of time also appears to be done in a way which is not cross-database compatible,...
I think this is improved, but user_registration is in the schema as a string, not a date
and there is raw use of DISTINCT which I believe we have as a select option.
now moot
ps: in_array('userrights',$wgUser->getRights()); would best be written as $wgUser->isAllowed('userrights');
fixed.
===================================== Jim Hu Associate Professor Dept. of Biochemistry and Biophysics 2128 TAMU Texas A&M Univ. College Station, TX 77843-2128 979-862-4054