[Mediawiki-l] img_auth no longer works
Jack D. Pond
jack.pond at psitex.com
Wed Jun 9 00:53:56 UTC 2010
Aaaah. Another gleaming example why developers have flat foreheads (imaging
forehead being slapped with hand).
The reason that the img_auth was not working is because it was using a
non-ssl session (http) while the primary wiki was using ssl (https). Ergo,
when the images were refered to from the wiki, there were two different
Jack "Flathead" Pond
> -----Original Message-----
> From: mediawiki-l-bounces at lists.wikimedia.org
> [mailto:mediawiki-l-bounces at lists.wikimedia.org] On Behalf Of
> Jack D. Pond
> Sent: Tuesday, June 08, 2010 5:23 PM
> To: 'MediaWiki announcements and site admin list'
> Subject: [Mediawiki-l] img_auth no longer works
> As of Monday, img_auth no longer works because (guessing)
> when img_auth checks for user rights via:
> The "user" is always anonymous ("not logged in").
> Is it possible that webstart.php used to automatically "log
> in" the user and make available groups via:
> But in recent updates, this no longer occurs?
> 1) How would I get it to log in users?
> 2) Would this present a possible xss issue?
> 3) Was this inadvertant and can it be safely reversed?
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
More information about the MediaWiki-l