Difference between revisions of "Issue:Option to only run DPL from protected pages"
From FollowTheScore
m |
|||
| Line 13: | Line 13: | ||
An option to give the full control to the admin is by letting DPL code only run from protected pages. [http://www.mediawiki.org/wiki/Extension:Secure_HTML Extension:SecureHTML] uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL": | An option to give the full control to the admin is by letting DPL code only run from protected pages. [http://www.mediawiki.org/wiki/Extension:Secure_HTML Extension:SecureHTML] uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL": | ||
*To protect a page you have to be an administrator, i.e. | *To protect a page you have to be an administrator, i.e. | ||
| − | * | + | *Normal users cannot create pages with DPL code |
| − | * | + | *Normal users cannot manipulate existing DPL code, because they can't edit the page |
| + | |||
| + | The last one is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions. | ||
It may not seem to be important for you but surely for other wikis with sensible data. | It may not seem to be important for you but surely for other wikis with sensible data. | ||
== Reply == | == Reply == | ||
Revision as of 22:41, 30 April 2009
| Description: | Protect your wiki from DPL abuse. E.g. "$wgProtectedDPL" as option to let DPL run only from protected pages. |
| Extension / Version: | DPL / ? |
| Type / Status: | Change Request / open |
Problem
Note: I talk about an option, not a must.
Some wiki admins may not like the idea that other users can run DPL from any page. E.g. I'm paranoid, somebody copies all my content, so I disabled all Export features etc.
An option to give the full control to the admin is by letting DPL code only run from protected pages. Extension:SecureHTML uses it and it is so simple & safe at the same time. Advantages with "$wgProtectedDPL":
- To protect a page you have to be an administrator, i.e.
- Normal users cannot create pages with DPL code
- Normal users cannot manipulate existing DPL code, because they can't edit the page
The last one is also possible without this new feature but with "$wgProtectedDPL" they simply can't do things the admin didn't allow with his DPL functions.
It may not seem to be important for you but surely for other wikis with sensible data.
