https://bugzilla.wikimedia.org/show_bug.cgi?id=19746

           Summary: Conceal information about page existence if user is not
                    allowed to view the page
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: ASSIGNED
          Severity: normal
          Priority: Normal
         Component: General/Unknown
        AssignedTo: [email protected]
        ReportedBy: [email protected]


If $wgGroupPermissions['*']['read'] = false;, or through some other way the
user is not allowed to view a page, its existence or non-existence should be
concealed as well.
Currently, you can tell whether the page you are trying to view exists in
different ways; this is a loophole which can reveal very limited, but
potentially critical information: For example you can be (almost) sure that a
certain user is registered on a private wiki, if the corresponding
user/user_talk page exists.

The following has to be done:
1. Mark all links to other pages as existent if the user is not allowed to view
them.
2. Mark Skin::topLinks to page&talkpage as existent if the user is not allowed
to view them.
3. Treat an existing page like it is not existent if the user is not allowed to
view it (hide "view source" and "history" toplinks and "recentchanges" toolbox
link)

A bit of a philosophical question: Should links to pages the user is not
allowed to view be marked as existent or non-existent? On one side, you could
interpret "red" links as: "you can't view this page, because you are not
allowed to or it does not exist", on the other hand red links are exclusively
used to mark "this page does not exist yet", while blue links may also point to
empty logs, etc.


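The requirement in the report above, sketched as an added example that is not part of the original report and is not MediaWiki code: for a viewer without read access, everything rendered about a page must be identical whether or not the page exists. All function names, array keys and link-class strings are hypothetical, and the concealed link state is a constant because the report leaves that choice open.

```php
<?php
// Added illustration; every name here is hypothetical, not MediaWiki's API.

// The report leaves open whether concealed links look existent or not;
// what matters is that the choice does not depend on the page.
const CONCEALED_LINK_CLASS = 'existent';

/** Simplified model of the behaviour the report complains about. */
function renderNaive(bool $canRead, bool $exists): array {
    return [
        'link'    => $exists ? 'existent' : 'new',
        'actions' => $exists ? ['viewsource', 'history', 'recentchanges'] : [],
    ];
}

/** Requested behaviour: a viewer without read access gets one fixed answer. */
function renderConcealed(bool $canRead, bool $exists): array {
    if (!$canRead) {
        // No branch on $exists here, so link state and top links cannot leak it.
        return ['link' => CONCEALED_LINK_CLASS, 'actions' => []];
    }
    return renderNaive($canRead, $exists);
}

/** True if a viewer without read access can tell the two cases apart. */
function leaksExistence(callable $render): bool {
    return $render(false, true) !== $render(false, false);
}

// Regression-style checks: the naive renderer is an existence oracle,
// the concealed one is not, and readers with access still see real state.
var_dump(leaksExistence('renderNaive'));
var_dump(leaksExistence('renderConcealed'));
var_dump(renderConcealed(true, true) !== renderConcealed(true, false));
```

A check of the `leaksExistence` kind is worth running against every output path that mentions a page (links, top links, toolbox, error pages), since a single path that still branches on existence restores the oracle.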