Page MenuHomePhabricator

Disable unprotect tab for MediaWiki namspace
Closed, ResolvedPublic

Description

Author: leercontainer-bugzilla

Description:
The MediaWiki namespace appear protected to anonymous users and normal users,
and this is correct since the pages are protected.

However for sysops the pages appear unprotected, and it one can "protect" them
over again (and then "unprotect").

This has no real practical implications, it only causes some confusion as to the
protected status of the pages.


Version: unspecified
Severity: minor
URL: http://test.leuksman.com/index.php?title=Special:Log/protect

Details

Reference
bz2414

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 8:33 PM
bzimport set Reference to bz2414.
bzimport added a subscriber: Unknown Object (MLST).

gangleri wrote:

changed summary for better understanding

&action=unprotect and &action=protect should be deactivated as well. An adequate
message could be generted.

In the "protection log"

Regards Reinhardt [[user:gangleri]]

avarab wrote:

How about just making protection work the same for the MediaWiki: namespace except that
pages are protected by default? If admins of the wiki want anyone to edit their interface messages
I don't see why we should stop them, it's only ours to provide sane defaults.

leercontainer-bugzilla wrote:

(In reply to comment #2)

How about just making protection work the same for the MediaWiki: namespace

except that

pages are protected by default? If admins of the wiki want anyone to edit

their interface messages

I don't see why we should stop them, it's only ours to provide sane defaults.

Indeed. I'd much prefer that solution. It would also solve bug # 1606.

Several issues:

  1. Well-meaning sysops may unprotect HTML messages without realizing it's a security risk.
  2. Depending on installation and update method (and language selection), MediaWiki:

message pages may not exist to begin with -- including HTML messages used by the main wiki
code or by an extension. This opens a security risk if it's possible for an unprivileged
user to create such pages.

  1. If this isn't already done, page moves must be taken into account as well as editing;

the wiki can be broken in fun ways if key messages are renamed.

zigger wrote:

Ævar removed the tab for the MediaWiki namespace in SkinTemplate.php CVS v1.102
a few days ago.