Stop
Betto
As of Monday, img_auth no longer works because (guessing) when img_auth checks for user rights via:
$title->userCanRead()
The "user" is always anonymous ("not logged in").
Is it possible that webstart.php used to automatically "log in" the user and make available groups via:
$user->getEffectiveGroups()
But in recent updates, this no longer occurs?
Questions:
1) How would I get it to log in users? 2) Would this present a possible xss issue? 3) Was this inadvertant and can it be safely reversed?
Thanks!
jdpond
Aaaah. Another gleaming example why developers have flat foreheads (imaging forehead being slapped with hand).
The reason that the img_auth was not working is because it was using a non-ssl session (http) while the primary wiki was using ssl (https). Ergo, when the images were refered to from the wiki, there were two different session cookies.
Jack "Flathead" Pond
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Jack D. Pond Sent: Tuesday, June 08, 2010 5:23 PM To: 'MediaWiki announcements and site admin list' Subject: [Mediawiki-l] img_auth no longer works
As of Monday, img_auth no longer works because (guessing) when img_auth checks for user rights via:
$title->userCanRead()
The "user" is always anonymous ("not logged in").
Is it possible that webstart.php used to automatically "log in" the user and make available groups via:
$user->getEffectiveGroups()
But in recent updates, this no longer occurs?
Questions:
- How would I get it to log in users?
- Would this present a possible xss issue?
- Was this inadvertant and can it be safely reversed?
Thanks!
jdpond
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org