Issue:Option to only run DPL from protected pages

From FollowTheScore
Revision as of 03:05, 1 May 2009 by Subfader (talk | contribs)
Jump to: navigation, search
Description: Protect your wiki from DPL abuse. E.g. "$wgProtectedDPL" as option to let DPL run only from protected pages.
Extension / Version: DPL   /   ?
Type / Status: Change Request   /   open

Problem

Note: I talk about an option, not a must.
Some wiki admins may not like the idea that other users can run DPL from any page. E.g. I'm paranoid, somebody copies all my content, so I disabled all Export features etc.

An option to give the full control to the admin is by letting DPL code only run from protected pages. Extension:SecureHTML uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL":

  • To protect a page you have to be an administrator, i.e.
  • Normal users can't create pages with DPL code
  • Normal users can't manipulate existing DPL code, because they can't edit the page. This is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions.
  • Normal users can't create or manipulate DPL code. They can include a protected DPL page or a normal page including DPL code, but then? No abuse :)

It may not seem to be important for you but surely for other wikis with sensible data.

Reply

What would one have to do to add an option which allows DPL only to be run from protected pages? Gero 21:56, 30 April 2009 (UTC)

Dunno exactly, that's why i request it here. But Extension:SecureHTML uses it:
	/**
	 * Verifies if the target page is protected for 'edit'
	 */
	protected function getAndCheckTitle( &$page_name, &$title )
	{
		$title = Title::newFromText( $page_name );
		if (!is_object( $title ))
			return false;
		
		// if the title does not exist,
		// then the caller will probably generate a broken link
		if ( !$title->exists() )
			return null;
		
		return $title->isProtected( 'edit' );
	}

--Subfader 02:05, 1 May 2009 (UTC)