Issue:Option to only run DPL from protected pages
From FollowTheScore
Description: | Protect your wiki from DPL abuse. E.g. "$wgProtectedDPL" as option to let DPL run only from protected pages. |
Extension / Version: | DPL / ? |
Type / Status: | Change Request / open |
Problem
Note: I talk about an option, not a must.
Some wiki admins may not like the idea that other users can run DPL from any page. E.g. I'm paranoid, somebody copies all my content, so I disabled all Export features etc.
An option to give the full control to the admin is by letting DPL code only run from protected pages. Extension:SecureHTML uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL":
- To protect a page you have to be an administrator, i.e.
- Normal users can't create pages with DPL code
- Normal users can't manipulate existing DPL code, because they can't edit the page. This is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions.
- Normal users can't create or manipulate DPL code. They can include a protected DPL page or a normal page including DPL code, but then? No abuse :)
It may not seem to be important for you but surely for other wikis with sensible data.