As a proof of concept (these managers take a lot of convincing) I am trying to run an installation of WikiMedia on my localhost address.
I have Apache, PHP and MySQL running. These were obtained as a single package from www.firepages.com.au and installed onto my Win2K machine. Wikimedia is installed on top of that.
Anyway, on to the problem:
Logging in to Wikimedia as either a normal user, or as a sysadmin, I can click on 'edit' to make a change, but cannot get the 'save' button to function correctly. Pressing 'Save' displays the changes I have made with a warning telling me that this is a preview, and that I should save my changes.
Question: What setting might I be missing? Where do I start looking?
David Patrick Ordnance Survey, Romsey Road, Southampton, SO16 4GU http://www.ordnancesurvey.co.uk T:(023) 8079 2859 F:(023) 8079 2078
This email is only intended for the person to whom it is addressed and may contain confidential information. If you have received this email in error, please notify the sender and delete this email which must not be copied, distributed or disclosed to any other person. Unless stated otherwise, the contents of this email are personal to the writer and do not represent the official view of Ordnance Survey. Nor can any contract be formed on Ordnance Survey's behalf via email. We reserve the right to monitor emails and attachments without prior notice.
Thank you for your cooperation.
Ordnance Survey Romsey Road Southampton SO16 4GU Tel: 023 8079 2000 http://www.ordnancesurvey.co.uk
This has been observed by others, and it is believed that those cases were linked with poor/bad sessions.
During my exploration of the code (the EditPage object), I was unable to determine the cause of this.
Search the list, and attempt some debugging. (I would recomend using the Live HTTP Headers plugin for FireFox.)
On 6/10/05, David Patrick David.Patrick@ordnancesurvey.co.uk wrote:
As a proof of concept (these managers take a lot of convincing) I am trying to run an installation of WikiMedia on my localhost address.
I have Apache, PHP and MySQL running. These were obtained as a single package from www.firepages.com.au and installed onto my Win2K machine. Wikimedia is installed on top of that.
Anyway, on to the problem:
Logging in to Wikimedia as either a normal user, or as a sysadmin, I can click on 'edit' to make a change, but cannot get the 'save' button to function correctly. Pressing 'Save' displays the changes I have made with a warning telling me that this is a preview, and that I should save my changes.
Question: What setting might I be missing? Where do I start looking?
David Patrick Ordnance Survey, Romsey Road, Southampton, SO16 4GU http://www.ordnancesurvey.co.uk T:(023) 8079 2859 F:(023) 8079 2078
This email is only intended for the person to whom it is addressed and may contain confidential information. If you have received this email in error, please notify the sender and delete this email which must not be copied, distributed or disclosed to any other person. Unless stated otherwise, the contents of this email are personal to the writer and do not represent the official view of Ordnance Survey. Nor can any contract be formed on Ordnance Survey's behalf via email. We reserve the right to monitor emails and attachments without prior notice.
Thank you for your cooperation.
Ordnance Survey Romsey Road Southampton SO16 4GU Tel: 023 8079 2000 http://www.ordnancesurvey.co.uk
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Jamie Bliss wrote:
This has been observed by others, and it is believed that those cases were linked with poor/bad sessions.
During my exploration of the code (the EditPage object), I was unable to determine the cause of this.
Well, the cause is usually an incorrect session.save_path setting in php.ini. This is particularly often on Windows, because for some reason the Unix default of /tmp gets left there on the Windows distribution.
If you mean the cause for edits to fail when sessions are broken, it's like this:
When you perform various operations while logged in, such as editing, the edit form is sent along with a hidden field containing a randomly-generated token value. This token is stored in the session data on the server, and when you submit the form the stored edit token is compared against the submitted edit token value. If the tokens don't match, the submission is rejected.
This is a security measure, protection against client-side attacks such as submission of a form from another site. If you visit a malicious web site in your browser while logged in to the wiki, then that site could submit arbitrary form data to the wiki and your cookie & session data would go along with it. The malicious site however would not be able to gain access to the edit token value, so would be unable to include it with the submission; thus the edit token proves that not only is your browser logged in, but the form submission actually came from the same session. (Other possiiblities for trying to validate this could include referer checks, but this is less reliable. Among other problems, some people use proxy servers which strip referer headers.)
Without this check, there's potential that administrative actions or modifications to site-wide JavaScript could be make through an attack by getting a logged-in administrator to visit some web site.
-- brion vibber (brion @ pobox.com)
David Patrick wrote:
As a proof of concept (these managers take a lot of convincing) I am trying to run an installation of WikiMedia on my localhost address.
Just a note: Wikimedia is a non-profit corporation which runs Wikipedia and other web sites. The software is MediaWiki.
I have Apache, PHP and MySQL running. These were obtained as a single package from www.firepages.com.au and installed onto my Win2K machine. Wikimedia is installed on top of that.
Anyway, on to the problem:
Logging in to Wikimedia as either a normal user, or as a sysadmin, I can click on 'edit' to make a change, but cannot get the 'save' button to function correctly. Pressing 'Save' displays the changes I have made with a warning telling me that this is a preview, and that I should save my changes.
Edit your php.ini and make sure the session.save_path is set to a directory that: a) exists b) is writable by the web server
This is very commonly misconfigured on Windows installations of PHP, and will cause any PHP program that relies on sessions to fail. For instance, in addition to the editing problem you probably can't maintain a login unless you also click the "Remember my password across sessions" checkbox.
Check also the other session parameters to make sure none are wildly incorrect. (One person had a problem because session.referer_check has been mistakenly set with an unrelated value, causing session data to be discarded on every hit.)
-- brion vibber (brion @ pobox.com)
mediawiki-l@lists.wikimedia.org