On 9/10/07, werdna@svn.wikimedia.org wrote:
> Revision: 25720
> Author: werdna
> Date: 2007-09-10 08:10:48 +0000 (Mon, 10 Sep 2007)
> Log Message:
> - (bug 8834) Split off permission for editing user JavaScript and CSS from editinterface to a new permission key editusercssjs.
I'm not sure this is a distinction that should be made in core. Anyone with editinterface can effectively take over another user account anyway if not stopped, can't they? And anyone with editusercssjs can likewise pose almost any security risk as someone with editinterface. There's no reason to have this different except discouragement. If someone really wants it, of course, it would be an extension of a few lines, but that should be unnecessary in almost all cases.
+$wgGroupPermissions['sysop']['editusercssjs'] = true;
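Review bot: The sysop default on this line is quoted with no comment saying what editusercssjs covers. Going by the log message it governs editing user JavaScript and CSS, so a one-line comment beside the default stating that would help administrators decide which groups should hold the key. The value is also a literal true rather than something derived from the group's editinterface setting, which is worth stating in the same comment.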
Also note that this manner of implementation will cause a regression in any existing wikis that have disabled editinterface for sysops. It's possibly negligible, but it should at least be mentioned in the config-changes section of the release notes.
Simetrical wrote:
> On 9/10/07, werdna@svn.wikimedia.org wrote:
>> Revision: 25720
>> Author: werdna
>> Date: 2007-09-10 08:10:48 +0000 (Mon, 10 Sep 2007)
>> Log Message:
>> - (bug 8834) Split off permission for editing user JavaScript and CSS from editinterface to a new permission key editusercssjs.
> I'm not sure this is a distinction that should be made in core. Anyone with editinterface can effectively take over another user account anyway if not stopped, can't they?
Only until we finish getting rid of the HTML messages. :)
> And anyone with editusercssjs can likewise pose almost any security risk as someone with editinterface. There's no reason to have this different except discouragement.
I'd disagree; they're rather distinct in essence.
+$wgGroupPermissions['sysop']['editusercssjs'] = true;
> Also note that this manner of implementation will cause a regression in any existing wikis that have disabled editinterface for sysops. It's possibly negligible, but it should at least be mentioned in the config-changes section of the release notes.
*nod*
-- brion vibber (brion @ wikimedia.org)
On 9/10/07, Brion Vibber <brion@wikimedia.org> wrote:
>> I'm not sure this is a distinction that should be made in core. Anyone with editinterface can effectively take over another user account anyway if not stopped, can't they?
> Only until we finish getting rid of the HTML messages. :)
You mean to get rid of MediaWiki:Common.js too? (Okay, that's not relevant to sites that set $wgSiteJs = false or whatever, so sue me.)
>> And anyone with editusercssjs can likewise pose almost any security risk as someone with editinterface. There's no reason to have this different except discouragement.
> I'd disagree; they're rather distinct in essence.
Editing site JS is not so much different than editing other users' JS no matter how you cut it, at least not in practice.
Simetrical wrote:
> On 9/10/07, Brion Vibber <brion@wikimedia.org> wrote:
>>> I'm not sure this is a distinction that should be made in core. Anyone with editinterface can effectively take over another user account anyway if not stopped, can't they?
>> Only until we finish getting rid of the HTML messages. :)
> You mean to get rid of MediaWiki:Common.js too? (Okay, that's not relevant to sites that set $wgSiteJs = false or whatever, so sue me.)
No, that would be with the distinct permission.
-- brion
On 9/11/07, Brion Vibber <brion@wikimedia.org> wrote:
>> You mean to get rid of MediaWiki:Common.js too? (Okay, that's not relevant to sites that set $wgSiteJs = false or whatever, so sue me.)
> No, that would be with the distinct permission.
You mean it should require editusercssjs? I'm not sure if that makes any more sense, but even if it does, it's not what's being done in trunk.