[Bug 25563] No way to get an image description from an secure repository

2011-11-20 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

Roan Kattouw  changed:

   What|Removed |Added

   Attachment #7773|0   |1
is obsolete||

--- Comment #11 from Roan Kattouw  2011-11-20 13:30:52 
UTC ---
Comment on attachment 7773
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=7773
modifications in the HttpFunctions.php File to access a secure
mediawiki-repository.

>--- HttpFunctions.php  2009-01-08 07:56:11.0 +0100
>+++ HttpFunctions_new.php  2010-11-01 11:47:57.0 +0100
>@@ -78,6 +78,65 @@
>   }
>   }
> 
>+global $wgAuthenticatedRepository, 
>$wgAuthenticatedRepositoryUser, $wgAuthenticatedRepositoryPassword, 
>$wgShowAuthenticatedRepositoryError;
>+  $text = '';
>+  if ( $wgAuthenticatedRepository ) {
>+require_once 
>'extensions/Snoopy-1.2.4/Snoopy.class.php';
>+$index = '';
>+$login = '';
>+
>+$wikiPath = "";
>+if (!preg_match('/(.*)\/index.php\/(.*)\?(.*)/', 
>$url, $matches)) {
>+echo "nicht gefunden";
>+} else {
>+$wikiPath = $matches[1];
>+}
>+
>+$apiPath = "$wikiPath/api.php";
>+$indexPath = "$wikiPath/index.php";
>+$title = $wgTitle->mPrefixedText;
>+  
>+$snoopy = new Snoopy;
>+
>+$request_vars = array('action' => 'login', 'lgname' 
>=> $wgAuthenticatedRepositoryUser, 'lgpassword' => 
>$wgAuthenticatedRepositoryPassword, 'format' => 'php');
>+if(!$snoopy->submit($apiPath, $request_vars))
>+die("Snoopy error: {$snoopy->error}");
>+
>+// We're only really interested in the cookies
>+$snoopy->setcookies();
>+$token = unserialize($snoopy->results);
>+$error = true;
>+$token2 = array();
>+
>+if ( $token['login']['result'] == 'NeedToken') { 
>+$request_vars = array('action' => 'login', 'lgname' 
>=> $wgAuthenticatedRepositoryUser, 'lgpassword' => 
>$wgAuthenticatedRepositoryPassword,  'lgtoken' => $token['login']['token'], 
>'format' => 'php');
>+if(!$snoopy->submit($apiPath, $request_vars))
>+die("Snoopy error: {$snoopy->error}");
>+$token2 = unserialize($snoopy->results);
>+}
>+else if ( ($token['login']['result'] == 'NoName') ) {
>+  wfDebug( __METHOD__ . ": Wrong or no User for 
>wgAuthenticatedRepositoryUser in the LocalSetting. \n" );
>+  if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no 
>User for wgAuthenticatedRepositoryUser in the LocalSetting.";
>+}
>+
>+
>+if ( ($token2['login']['result'] == 'Success') or 
>($token['login']['result'] == 'Success') ) { 
>+$request_vars = array('action' => 'raw', 
>'title'=>$title, 'lgtoken' => $token['login']['token'], 'format' => 'php');
>+if(!$snoopy->submit($indexPath, $request_vars))
>+die("Snoopy error: {$snoopy->error}");
>+$text = $snoopy->results;
>+}
>+else if ( ($token2['login']['result'] == 'WrongPass') or 
>($token2['login']['result'] == 'WrongPluginPass') or 
>($token2['login']['result'] == 'EmptyPass') ) {
>+  wfDebug( __METHOD__ . ": Wrong or no Password for 
>wgAuthenticatedRepositoryPassword in the LocalSetting." );
>+  if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no 
>Password for wgAuthenticatedRepositoryPassword in the 
>LocalSetting.";
>+}
>+else if ( ($token2['login']['result'] == 'NotExists') ) {
>+  wfDebug( __METHOD__ . ": Wrong or no User for 
>wgAuthenticatedRepositoryUser in the LocalSetting. \n" );
>+  if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no 
>User for wgAuthenticatedRepositoryUser in the LocalSetting.";
>+}
>+  }
>+  else 
>+  {
>   ob_start();
>   curl_exec( $c );
>   $text = ob_get_contents();
>@@ -97,6 +156,7 @@
>   $text = f

[Bug 25563] No way to get an image description from an secure repository

2011-11-20 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

Roan Kattouw  changed:

   What|Removed |Added

 CC||roan.katt...@gmail.com

--- Comment #10 from Roan Kattouw  2011-11-20 13:21:03 
UTC ---
I've reviewed this patch, and there's quite a few things wrong with it:
* It uses Snoopy, which is unnecessary. We've got the Http class to make HTTP
requests; if it doesn't support something you need, then add support rather
than adding an external library
* Lots of un-i18n-ed error messages and/or debugging stuff. Most of it's in
English but one is actually in German. Also, using echo or die() for error
messages is not acceptable (not sure offhand how it would be done though)
* New $wg vars should be added to DefaultSettings.php (to protect against
register_globals) and documented
* Uses $wgTitle and uses direct member access (->mPrefixedText) instead of
using getters (->getPrefixedText())
* Uses unserialize() without checking for errors
* From reading the code I'm not convinced this patch will even work. It obtains
login cookies, but then doesn't seem to use them

For these reasons I'm marking the patch as obsolete.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2011-11-13 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #9 from sreher  2011-11-13 18:05:24 UTC ---
The Patch goes out of my mind - but thanks.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2011-11-09 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

Sumana Harihareswara  changed:

   What|Removed |Added

   Keywords||need-review
 CC||suma...@panix.com

--- Comment #8 from Sumana Harihareswara  2011-11-10 
06:43:58 UTC ---
sreher, thank you for your patch, and I'm sorry it's taken so long for anyone
to review it!  I'm adding the "need-review" keyword to signal that a patch here
is awaiting review.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2011-04-29 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

Chad H.  changed:

   What|Removed |Added

Version|1.15.3  |1.15.x

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-11-01 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #6 from sreher  2010-11-01 11:09:36 UTC ---
Created attachment 7773
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=7773
modifications in the HttpFunctions.php File to access a secure
mediawiki-repository.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-11-01 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #5 from sreher  2010-11-01 11:08:13 UTC ---
Yea - no easy way. What do you plan to do? Can I support you? I am interesed to
have a good solution.

I play a little bit around to solve my problem. Even it means to hack the
HttpFunctions.php file.

I add the patch file. I glad, when you have a look and perhaps you can tell me,
how to improve the script. 

Is there a way to check if the user is authenticated? i struggle around but
find no way, thats work. I am not so familiar with Mediawiki. 

Usage
1) i use Snoopy-1.2.4 to managed the login things, download and put it in the
extensions folder (extensions/Snoopy-1.2.4/Snoopy.class.php). Download:
http://sourceforge.net/projects/snoopy/files/

2) add this settings to the LocalSettings.php: 
$wgAuthenticatedRepository = true;
$wgAuthenticatedRepositoryUser = 'user';
$wgAuthenticatedRepositoryPassword = 'password';

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-10-23 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #4 from Bryan Tong Minh  2010-10-23 
15:27:27 UTC ---
After some discussion with Chad, we are not going to fix this, but we are going
to fail more gracefully.

For bug 22001 I am going to move the entire rendering to the API, so it should
be very easy to fail gracefully.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-10-23 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #3 from Bryan Tong Minh  2010-10-23 
15:00:12 UTC ---
The problem is that File::getDescriptionUrl should do logging in, which means
1) a lot of complexity and 2) two extra requests per image page view.
Alternatively we can log in with a shared secret, but that would mean adding an
extra login mechanism to MediaWiki.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-10-22 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

--- Comment #2 from sreher  2010-10-22 08:40:11 UTC ---
No - so try it and now the mediawiki works with the ForeignDbRepo
configuration. Thanks for the hint, but sadly it is the same thing. 

I follow the path down and mediawiki is using the same function to get the
image description from the repo. 

It use from 
ImagePage.php -> view() - line:62
$this->openShowImage() - line:100  
$this->printSharedImageText() - line:464
$descText = $this->img->getDescriptionText(); - line:486
File.php -> $res = Http::get( $renderUrl ); - line:1090
HttpFunction.php -> request( $method, $url, $timeout = 'default', $curlOptions
= array()) - line:39

I put the following configuration in my LocalSettings.php: 

$wgUseSharedUploads = true;
$wgFetchCommonsDescriptions = true;
$wgSharedUploadDBname = "mw_repository"; 
$wgSharedUploadDBprefix  = "mwr_";
$wgRepositoryBaseUrl =
"http://localhost/mediawiki/mediawiki-repository/index.php/File:";;

$wgUploadPath = "http://localhost/mediawiki/mediawiki-repository/images";; 
$wgSharedUploadPath = 'http://localhost/mediawiki/mediawiki-repository/images';
$wgSharedUploadDirectory =
'/Users/xxx/Sites/mediawiki/mediawiki-repository/images';
$wgHashedSharedUploadDirectory = true;

$wgForeignFileRepos[] = array(
'class' => 'ForeignDBRepo',
'name' => 'mediawiki-repository',
'url' => $wgSharedUploadPath,
'directory' => $wgSharedUploadDirectory,
'hashLevels' => 2, // This must be the same for the other family member
'dbType' => $wgDBtype,
'dbServer' => $wgDBserver,
'dbUser' => $wgDBuser,
'dbPassword' => $wgDBpassword,
'dbFlags' => DBO_DEFAULT,
'dbName' => $wgSharedUploadDBname,
'tablePrefix' => $wgSharedUploadDBprefix,
'hasSharedCache' => false,
'descBaseUrl' => $wgRepositoryBaseUrl,
'fetchDescription' => $wgFetchCommonsDescriptions
);

Is there an other function, which not fetch the description text over http?

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.

___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 25563] No way to get an image description from an secure repository

2010-10-18 Thread bugzilla-daemon 
https://bugzilla.wikimedia.org/show_bug.cgi?id=25563

Derk-Jan Hartman  changed:

   What|Removed |Added

 CC||hart...@videolan.org

--- Comment #1 from Derk-Jan Hartman  2010-10-18 13:03:54 
UTC ---
Are you using ForeignAPIRepo ? In such secure settings, you will probably want
to use a ForeignDbRepo.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l