[Mediawiki-l] img_auth no longer works

Jack D. Pond jack.pond at psitex.com
Wed Jun 9 00:53:56 UTC 2010


Aaaah.  Another gleaming example why developers have flat foreheads (imagine
forehead being slapped with hand).

The reason that the img_auth was not working is because it was using a
non-ssl session (http) while the primary wiki was using ssl (https).  Ergo,
when the images were referred to from the wiki, there were two different
session cookies.

Jack "Flathead" Pond

> -----Original Message-----
> From: mediawiki-l-bounces at lists.wikimedia.org 
> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of 
> Jack D. Pond
> Sent: Tuesday, June 08, 2010 5:23 PM
> To: 'MediaWiki announcements and site admin list'
> Subject: [Mediawiki-l] img_auth no longer works
> 
> 
> As of Monday, img_auth no longer works because (guessing) 
> when img_auth checks for user rights via:
> 
> $title->userCanRead()
> 
> The "user" is always anonymous ("not logged in").
> 
> Is it possible that webstart.php used to automatically "log 
> in" the user and make available groups via:
> 
> $user->getEffectiveGroups()
> 
> But in recent updates, this no longer occurs?
> 
> Questions:
> 
> 1) How would I get it to log in users?
> 2) Would this present a possible xss issue?
> 3) Was this inadvertent and can it be safely reversed?
> 
> Thanks!
> 
> jdpond
> 
> 
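
The scheme mismatch described in the reply above, as an added diagnostic example (not part of the original message and not MediaWiki code): it scans rendered wiki HTML for img_auth.php links whose scheme differs from the page's and uses Python's http.cookiejar to show whether the session cookie would accompany each request. The host wiki.example.org, the cookie name wiki_session, and the Secure flag on the session cookie are assumptions.

```python
from html.parser import HTMLParser
from http.cookiejar import Cookie, CookieJar
from urllib.parse import urljoin, urlsplit
from urllib.request import Request

WIKI_PAGE = "https://wiki.example.org/index.php/Main_Page"  # assumed host
# Constructed sample of rendered page HTML (not from the original post).
SAMPLE_HTML = """
<img src="http://wiki.example.org/img_auth.php/a/ab/Plan.png">
<img src="/img_auth.php/c/cd/Logo.png">
<img src="https://wiki.example.org/skins/common/images/poweredby.png">
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def session_jar(host, name="wiki_session"):  # cookie name is hypothetical
    """Jar holding a session cookie set over HTTPS with the Secure flag (assumption)."""
    jar = CookieJar()
    jar.set_cookie(Cookie(0, name, "constructed-value", None, False, host, False, False,
                          "/", True, True, None, True, None, None, {}))
    return jar

def cookie_sent(jar, url):
    """True if the jar would attach a Cookie header to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.has_header("Cookie")

def audit(page_url, html):
    """Return [(absolute_url, scheme_matches_page, session_cookie_sent)] for img_auth links."""
    parser = ImgCollector()
    parser.feed(html)
    page = urlsplit(page_url)
    jar = session_jar(page.hostname)
    rows = []
    for src in parser.srcs:
        url = urljoin(page_url, src)
        if "/img_auth.php" in urlsplit(url).path:
            rows.append((url, urlsplit(url).scheme == page.scheme, cookie_sent(jar, url)))
    return rows

if __name__ == "__main__":
    for url, same, sent in audit(WIKI_PAGE, SAMPLE_HTML):
        print(f"{'ok  ' if same and sent else 'ANON'} {url}")
```

A link flagged ANON reaches img_auth.php without the session cookie, so the rights check sees an anonymous user.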



