For version 0.4...
On May 16, 2008, at 12:56 PM, DanTMan wrote:
<extensive snipping below>
>> The extension does not handle user rights
permissions correctly.
>> For 1.12> it won't work correctly because it does not handle
>> $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, and
>> $wgGroupsRemoveFromSelf.
should be fixed via indirect use of changeableGroups()
>>
>> And for 1.11 it is a security issue, because for $wgAddGroups and
>> $wgRemoveGroups to work a user needs the userrights permission...
should be fixed via per previous message
Yup... Your setup of the special page is to.
'createuser' isn't a good
permission to base on.
won't change due to Vampire considerations described previously,
unless there's an alternative solution.
>> And there's some hardcoding of group names, and it's likely that
>> checkboxes are not going to be rendered correctly when anything
>> other
>> than the default groups are used.
fixed, again taking advantage of changeableGroups
>> The handling of time also appears to be done
in a way which is not
>> cross-database compatible,...
I think this is improved, but user_registration is in the schema as a
string, not a date
>> and there is raw use of DISTINCT which I
>> believe we have as a select option.
>>
now moot
>> ps:
in_array('userrights',$wgUser->getRights()); would best be
>> written
>> as $wgUser->isAllowed('userrights');
fixed.
=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054