Aaaah. Another gleaming example why developers have flat foreheads (imaging
forehead being slapped with hand).
The reason that the img_auth was not working is because it was using a
non-ssl session (http) while the primary wiki was using ssl (https). Ergo,
when the images were refered to from the wiki, there were two different
session cookies.
Jack "Flathead" Pond
-----Original Message-----
From: mediawiki-l-bounces(a)lists.wikimedia.org
[mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of
Jack D. Pond
Sent: Tuesday, June 08, 2010 5:23 PM
To: 'MediaWiki announcements and site admin list'
Subject: [Mediawiki-l] img_auth no longer works
As of Monday, img_auth no longer works because (guessing)
when img_auth checks for user rights via:
$title->userCanRead()
The "user" is always anonymous ("not logged in").
Is it possible that webstart.php used to automatically "log
in" the user and make available groups via:
$user->getEffectiveGroups()
But in recent updates, this no longer occurs?
Questions:
1) How would I get it to log in users?
2) Would this present a possible xss issue?
3) Was this inadvertant and can it be safely reversed?
Thanks!
jdpond
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l