Hi! I tried searching the archives for this, but the description of my problem has such general terms that I got literally thousands of hits, and couldn't hope to search for them all. As such, I apologize if this question has been addressed before!
I am looking for a mod or plugin that would allow only the original author of an article to edit said article. If this hasn't been done or isn't possible, then I'd be interested in a way to lock all articles upon the initial submission.
Do any of you know of such a functionality, either which already exists in mediawiki, or which exists in the form of a mod or plugin?
Thanks!
Erin
On 03/05/06, Erin Spiceland erin@spiceland.org wrote:
Hi! I tried searching the archives for this, but the description of my problem has such general terms that I got literally thousands of hits, and couldn't hope to search for them all. As such, I apologize if this question has been addressed before!
I am looking for a mod or plugin that would allow only the original author of an article to edit said article. If this hasn't been done or isn't possible, then I'd be interested in a way to lock all articles upon the initial submission.
Do any of you know of such a functionality, either which already exists in mediawiki, or which exists in the form of a mod or plugin?
It's possible such an extension exists, but offhand, I don't know where. However, it shouldn't be too hard to write from scratch, either. Have a look at the userCan hook in 1.6 and 1.7alpha.
Rob Church
Thanks. Is there a central repository of extensions that I could search through? I'm a perl girl, not a php girl, so I'm not technically capable of writing the extension myself.
Erin
On Wed, 2006-05-03 at 07:49 +0100, Rob Church wrote:
On 03/05/06, Erin Spiceland erin@spiceland.org wrote:
Hi! I tried searching the archives for this, but the description of my problem has such general terms that I got literally thousands of hits, and couldn't hope to search for them all. As such, I apologize if this question has been addressed before!
I am looking for a mod or plugin that would allow only the original author of an article to edit said article. If this hasn't been done or isn't possible, then I'd be interested in a way to lock all articles upon the initial submission.
Do any of you know of such a functionality, either which already exists in mediawiki, or which exists in the form of a mod or plugin?
It's possible such an extension exists, but offhand, I don't know where. However, it shouldn't be too hard to write from scratch, either. Have a look at the userCan hook in 1.6 and 1.7alpha.
Rob Church _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
On 03/05/06, Erin Spiceland erin@spiceland.org wrote:
Thanks. Is there a central repository of extensions that I could search through? I'm a perl girl, not a php girl, so I'm not technically capable of writing the extension myself.
There's quite a few in the extensions directories in Subversion. See http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions for the web-based viewer. Also check out http://meta.wikimedia.org/wiki/Category:MediaWiki_extensions.
As it happens, I attempted to write a quick extension to do what was described while I was reading it. It didn't seem to work though; PHP decided it didn't like some particular aspect and threw up stack fault errors, which I didn't have time to track down.
Rob Church
Thanks for the info! I think I've found one that I can hack into making it work for my purposes: the page-by-page authentication extension.
Erin
On Wed, 2006-05-03 at 15:59 +0100, Rob Church wrote:
On 03/05/06, Erin Spiceland erin@spiceland.org wrote:
Thanks. Is there a central repository of extensions that I could search through? I'm a perl girl, not a php girl, so I'm not technically capable of writing the extension myself.
There's quite a few in the extensions directories in Subversion. See http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions for the web-based viewer. Also check out http://meta.wikimedia.org/wiki/Category:MediaWiki_extensions.
As it happens, I attempted to write a quick extension to do what was described while I was reading it. It didn't seem to work though; PHP decided it didn't like some particular aspect and threw up stack fault errors, which I didn't have time to track down.
Rob Church _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Hello Erin,
I don't know if it will help but i've juste wrote something similar... My extension check if the user which wants to edit a page belonging to a special namespace is the same person who edited it in first.
Well the code speaks for himself (sorry for the french comments) :
------------------------------------------------------------------------ -----
<?PHP
$wgExtensionFunctions[] = 'Wikinsa_Hooks';
function Wikinsa_Hooks() { global $wgHooks; $wgHooks['userCan'][] = 'verifDroitsUsers'; }
function verifDroitsUsers(&$title, &$user, $action, &$result) {
//-------------------------------------------------------- // // Vérifie si il s'agit d'une requête d'EDITION // et si l'utilisateur n'est pas un SYSOP // //-------------------------------------------------------- if($action == 'edit' && !$user->isSysop()) { // ------------------------ // // --- Page UTILISATEUR --- // // ------------------------ // if($title->getNamespace() == NS_USER) { // --- Compare les noms -- // if ($user->getName() != $title->getText() ) { $result = false; } } // --------------------------- // // --- Expérience de Stage --- // // --------------------------- //
if ($title->getNamespace() == 100) {
// --- connexion au SGBD --- // $dbw =& wfGetDB( DB_MASTER ); // --- titre de la page --- // $titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page); // --- les tables de la base --- // $table_1 = $dbw->tableName( 'page' ); $table_2 = $dbw->tableName( 'revision' ); // --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE page_title="$titre_page";"); $ligne = mysql_fetch_row($res1); $id_page = $ligne[0]; // ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE rev_page = "$id_page" LIMIT 1;"); $ligne = mysql_fetch_row($res2); $nom_user = $ligne[0]; // --- Compare le nom du créateur et du visiteur --- / if($user->getName() != $nom_user && $nom_user != null) $result = false; } } }
?>
------------------------------------------------------------------------ -----
Christophe
Hi! Thanks for posting this! I'm not familiar at all with extensions in mediawiki... How do I use this code? Also, does it actually prevent users who didn't create the page from editing it?
Thanks,
Erin
On Wed, 2006-05-03 at 19:24 +0200, Christophe PROME wrote:
Hello Erin,
I don't know if it will help but i've juste wrote something similar... My extension check if the user which wants to edit a page belonging to a special namespace is the same person who edited it in first.
Well the code speaks for himself (sorry for the french comments) :
<?PHP $wgExtensionFunctions[] = 'Wikinsa_Hooks'; function Wikinsa_Hooks() { global $wgHooks; $wgHooks['userCan'][] = 'verifDroitsUsers'; } function verifDroitsUsers(&$title, &$user, $action, &$result) { //-------------------------------------------------------- // // Vérifie si il s'agit d'une requête d'EDITION // et si l'utilisateur n'est pas un SYSOP // //-------------------------------------------------------- if($action == 'edit' && !$user->isSysop()) { // ------------------------ // // --- Page UTILISATEUR --- // // ------------------------ // if($title->getNamespace() == NS_USER) { // --- Compare les noms -- // if ($user->getName() != $title->getText() ) { $result = false; } } // --------------------------- // // --- Expérience de Stage --- // // --------------------------- // if ($title->getNamespace() == 100) { // --- connexion au SGBD --- // $dbw =& wfGetDB( DB_MASTER ); // --- titre de la page --- // $titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page); // --- les tables de la base --- // $table_1 = $dbw->tableName( 'page' ); $table_2 = $dbw->tableName( 'revision' ); // --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE page_title=\"$titre_page\";"); $ligne = mysql_fetch_row($res1); $id_page = $ligne[0]; // ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE rev_page = \"$id_page\" LIMIT 1;"); $ligne = mysql_fetch_row($res2); $nom_user = $ligne[0]; // --- Compare le nom du créateur et du visiteur --- / if($user->getName() != $nom_user && $nom_user != null) $result = false; } } } ?>
Christophe
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
My version is as follows:
<?php
$wgExtensionFunctions[] = 'OriginalAuthorHooks';
function OriginalAuthorHooks() { global $wgHooks; $wgHooks['userCan'][] = 'OriginalAuthorHooks_UserCan'; }
function OriginalAuthorHooks_UserCan(&$title, &$user, $action, &$result) { if ($action === 'edit') { $article = new Article($title, 0); //this loads the most recent version of article $result = ($user->getID() == $article->getUser()) ? true : false; } }
?>
This will only allow editing by the user who edited the most recent revision. To use it, save it as "OriginalAuthorEdit.php" in your 'extensions' subdirectory inside the MediaWiki installation root. Then, insert "require_once('OriginalAuthorEdit.php')" near the bottom of LocalSettings.php
Gregory Szorc gregory.szorc@gmail.com
On 5/3/06, Christophe PROME chprome@yahoo.fr wrote:
Hello Erin,
I don't know if it will help but i've juste wrote something similar... My extension check if the user which wants to edit a page belonging to a special namespace is the same person who edited it in first.
Well the code speaks for himself (sorry for the french comments) :
<?PHP $wgExtensionFunctions[] = 'Wikinsa_Hooks'; function Wikinsa_Hooks() { global $wgHooks; $wgHooks['userCan'][] = 'verifDroitsUsers'; } function verifDroitsUsers(&$title, &$user, $action, &$result) { //-------------------------------------------------------- // // Vérifie si il s'agit d'une requête d'EDITION // et si l'utilisateur n'est pas un SYSOP // //-------------------------------------------------------- if($action == 'edit' && !$user->isSysop()) { // ------------------------ // // --- Page UTILISATEUR --- // // ------------------------ // if($title->getNamespace() == NS_USER) { // --- Compare les noms -- // if ($user->getName() != $title->getText() ) { $result = false; } } // --------------------------- // // --- Expérience de Stage --- // // --------------------------- // if ($title->getNamespace() == 100) { // --- connexion au SGBD --- // $dbw =& wfGetDB( DB_MASTER ); // --- titre de la page --- // $titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page); // --- les tables de la base --- // $table_1 = $dbw->tableName( 'page' ); $table_2 = $dbw->tableName( 'revision' ); // --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE page_title=\"$titre_page\";"); $ligne = mysql_fetch_row($res1); $id_page = $ligne[0]; // ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE rev_page = \"$id_page\" LIMIT 1;"); $ligne = mysql_fetch_row($res2); $nom_user = $ligne[0]; // --- Compare le nom du créateur et du visiteur --- / if($user->getName() != $nom_user && $nom_user != null) $result = false; } } } ?>
Christophe
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Doh, I forgot to return 'true' from the function. Insert
return true;
after the line starting with "$result = "
Greg
On 5/3/06, Gregory Szorc gregory.szorc@gmail.com wrote:
My version is as follows:
<?php $wgExtensionFunctions[] = 'OriginalAuthorHooks'; function OriginalAuthorHooks() { global $wgHooks; $wgHooks['userCan'][] = 'OriginalAuthorHooks_UserCan'; } function OriginalAuthorHooks_UserCan(&$title, &$user, $action, &$result) { if ($action === 'edit') { $article = new Article($title, 0); //this loads the most recent version of article $result = ($user->getID() == $article->getUser()) ? true : false; } } ?>
This will only allow editing by the user who edited the most recent revision. To use it, save it as "OriginalAuthorEdit.php " in your 'extensions' subdirectory inside the MediaWiki installation root. Then, insert "require_once('OriginalAuthorEdit.php')" near the bottom of LocalSettings.php
Gregory Szorc gregory.szorc@gmail.com
On 5/3/06, Christophe PROME chprome@yahoo.fr wrote:
Hello Erin,
I don't know if it will help but i've juste wrote something similar... My extension check if the user which wants to edit a page belonging to a special namespace is the same person who edited it in first.
Well the code speaks for himself (sorry for the french comments) :
<?PHP $wgExtensionFunctions[] = 'Wikinsa_Hooks'; function Wikinsa_Hooks() { global $wgHooks; $wgHooks['userCan'][] = 'verifDroitsUsers'; } function verifDroitsUsers(&$title, &$user, $action, &$result) { //-------------------------------------------------------- // // Vérifie si il s'agit d'une requête d'EDITION // et si l'utilisateur n'est pas un SYSOP // //-------------------------------------------------------- if($action == 'edit' && !$user->isSysop()) { // ------------------------ // // --- Page UTILISATEUR --- // // ------------------------ // if($title->getNamespace() == NS_USER) { // --- Compare les noms -- // if ($user->getName() != $title->getText() ) { $result = false; } } // --------------------------- // // --- Expérience de Stage --- // // --------------------------- // if ($title->getNamespace() == 100) { // --- connexion au SGBD --- // $dbw =& wfGetDB( DB_MASTER ); // --- titre de la page --- // $titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page); // --- les tables de la base --- // $table_1 = $dbw->tableName( 'page' ); $table_2 = $dbw->tableName( 'revision' ); // --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE page_title=\"$titre_page\";"); $ligne = mysql_fetch_row($res1); $id_page = $ligne[0]; // ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE rev_page = \"$id_page\" LIMIT 1;"); $ligne = mysql_fetch_row($res2); $nom_user = $ligne[0]; // --- Compare le nom du créateur et du visiteur --- / if($user->getName() != $nom_user && $nom_user != null) $result = false; } } } ?>
Christophe
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Christophe PROME wrote:
$titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page);
[snip]
// --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHEREpage_title="$titre_page";");
This is an SQL injection vulnerability; unescaped user-provided text in the query.
Note that you could save yourself some trouble here by just calling $title->getArticleId(). :)
// ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERErev_page = "$id_page" LIMIT 1;");
You should use "ORDER BY rev_timestamp LIMIT 1" to ensure that the proper index sort is used.
-- brion vibber (brion @ pobox.com)
Wow! Thanks to everybody! Now, since there are so many revisions, can someone post the complete, secure code?
Erin
On Wed, 2006-05-03 at 13:59 -0700, Brion Vibber wrote:
Christophe PROME wrote:
$titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page);[snip]
// --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHEREpage_title="$titre_page";");
This is an SQL injection vulnerability; unescaped user-provided text in the query.
Note that you could save yourself some trouble here by just calling $title->getArticleId(). :)
// ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERErev_page = "$id_page" LIMIT 1;");
You should use "ORDER BY rev_timestamp LIMIT 1" to ensure that the proper index sort is used.
-- brion vibber (brion @ pobox.com)
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org