[Mediawiki-l] [quickhack] require a specific user to view a page

Moritz Karbach mailinglist at karba.ch
Wed Feb 2 19:42:10 UTC 2005


Hi Rowan,

first of all thanks for analyzing my code :-)

> Unforturnately, I've found 2 major problems with this:

This is bad :-/ But you should know, that I'm not expecting this piece of code 
working without any side effects, since a user management is far more 
complicated than a few lines :-) I don't think, that I will have any user 
that I don't know personally in my wiki, so my solution doesn't have to be 
perfectly secure. But it would be nice, of course :-)

> Firstly, it allows any user to lock themselves

That's one thing I can tolerate.

> Secondly, the content can be viewed by using the "preview" function:

But this I'd like to fix!

I guess it would be best to include some check after the page has been parsed, 
but before it gets displayed. If there is a function that gathers the 
categories (from db and from preview) and passes them to the parser, this 
would be perfect.

Is there some dataflow chart or something on the web, where the parsing 
mechanism is explained?

Cheers,

- Moritz



More information about the MediaWiki-l mailing list