
No way to get an image description from a repository that is a closed wiki
Open, Lowest, Public, Feature

Description

Author: dimension.mail

Description:
I have not found a way to get an image description from a secure repository.

You configure your MediaWiki to get all your images from an external repository with $wgUseSharedUploads = true. You also want to fetch the image description from the repository with $wgFetchCommonsDescriptions = true, and the repository is closed with "$wgGroupPermissions['*']['read'] = false;".

This works for repositories which are "open". When you restrict access to the repository, so that only a logged-in user can read the image pages, you get the image shown in the MediaWiki, but no image description.

I followed the path and found out that HttpFunction.php works with curl, but there is no possibility to hand over a username and a password, or is there?

How can I get the image description, like this?
http://img.skitch.com/20101018-epbq3t696ccjcxf6y4k62qwr7x.png


Version: 1.15.x
Severity: enhancement
OS: Mac OS X 10.5
Platform: Macintosh

Details

Reference
bz25563

Event Timeline

bzimport raised the priority of this task from to Lowest. Nov 21 2014, 11:21 PM
bzimport set Reference to bz25563.
bzimport added a subscriber: Unknown Object (MLST).

Are you using ForeignAPIRepo? In such secure settings, you will probably want to use a ForeignDbRepo.

dimension.mail wrote:

No - so I tried it, and now the MediaWiki works with the ForeignDbRepo configuration. Thanks for the hint, but sadly it is the same thing.

I followed the path down, and MediaWiki is using the same function to get the image description from the repo.

It goes through:
ImagePage.php -> view() - line:62
$this->openShowImage() - line:100
$this->printSharedImageText() - line:464
$descText = $this->img->getDescriptionText(); - line:486
File.php -> $res = Http::get( $renderUrl ); - line:1090
HttpFunction.php -> request( $method, $url, $timeout = 'default', $curlOptions = array()) - line:39

I put the following configuration in my LocalSettings.php:

$wgUseSharedUploads = true;
$wgFetchCommonsDescriptions = true;
$wgSharedUploadDBname = "mw_repository";
$wgSharedUploadDBprefix = "mwr_";
$wgRepositoryBaseUrl = "http://localhost/mediawiki/mediawiki-repository/index.php/File:";

$wgUploadPath = "http://localhost/mediawiki/mediawiki-repository/images";
$wgSharedUploadPath = 'http://localhost/mediawiki/mediawiki-repository/images';
$wgSharedUploadDirectory = '/Users/xxx/Sites/mediawiki/mediawiki-repository/images';
$wgHashedSharedUploadDirectory = true;

$wgForeignFileRepos[] = array(
    'class' => 'ForeignDBRepo',
    'name' => 'mediawiki-repository',
    'url' => $wgSharedUploadPath,
    'directory' => $wgSharedUploadDirectory,
    'hashLevels' => 2, // This must be the same for the other family member
    'dbType' => $wgDBtype,
    'dbServer' => $wgDBserver,
    'dbUser' => $wgDBuser,
    'dbPassword' => $wgDBpassword,
    'dbFlags' => DBO_DEFAULT,
    'dbName' => $wgSharedUploadDBname,
    'tablePrefix' => $wgSharedUploadDBprefix,
    'hasSharedCache' => false,
    'descBaseUrl' => $wgRepositoryBaseUrl,
    'fetchDescription' => $wgFetchCommonsDescriptions
);

Is there another function which does not fetch the description text over HTTP?

Bryan.TongMinh wrote:

The problem is that File::getDescriptionUrl should do logging in, which means 1) a lot of complexity and 2) two extra requests per image page view. Alternatively we can log in with a shared secret, but that would mean adding an extra login mechanism to MediaWiki.

Bryan.TongMinh wrote:

After some discussion with Chad, we are not going to fix this, but we are going to fail more gracefully.

For bug 22001 I am going to move the entire rendering to the API, so it should be very easy to fail gracefully.

dimension.mail wrote:

Yea - no easy way. What do you plan to do? Can I support you? I am interested in having a good solution.

I played around a little bit to solve my problem, even if it means hacking the HttpFunctions.php file.

I have added the patch file. I would be glad if you had a look, and perhaps you can tell me how to improve the script.

Is there a way to check if the user is authenticated? I struggled with it but found no way that works. I am not so familiar with MediaWiki.

Usage

  1. I use Snoopy-1.2.4 to manage the login; download it and put it in the extensions folder (extensions/Snoopy-1.2.4/Snoopy.class.php). Download: http://sourceforge.net/projects/snoopy/files/
  2. Add these settings to LocalSettings.php:

$wgAuthenticatedRepository = true;
$wgAuthenticatedRepositoryUser = 'user';
$wgAuthenticatedRepositoryPassword = 'password';

dimension.mail wrote:

modifications in the HttpFunctions.php File to access a secure mediawiki-repository.

attachment HttpFunctions.php.patch ignored as obsolete

*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*

sumanah wrote:

sreher, thank you for your patch, and I'm sorry it's taken so long for anyone to review it! I'm adding the "need-review" keyword to signal that a patch here is awaiting review.

dimension.mail wrote:

The Patch goes out of my mind - but thanks.

I've reviewed this patch, and there's quite a few things wrong with it:

  • It uses Snoopy, which is unnecessary. We've got the Http class to make HTTP requests; if it doesn't support something you need, then add support rather than adding an external library
  • Lots of un-i18n-ed error messages and/or debugging stuff. Most of it's in English but one is actually in German. Also, using echo or die() for error messages is not acceptable (not sure offhand how it would be done though)
  • New $wg vars should be added to DefaultSettings.php (to protect against register_globals) and documented
  • Uses $wgTitle and uses direct member access (->mPrefixedText) instead of using getters (->getPrefixedText())
  • Uses unserialize() without checking for errors
  • From reading the code I'm not convinced this patch will even work. It obtains login cookies, but then doesn't seem to use them

For these reasons I'm marking the patch as obsolete.

Comment on attachment 7773
modifications in the HttpFunctions.php File to access a secure mediawiki-repository.

  • HttpFunctions.php 2009-01-08 07:56:11.000000000 +0100

+++ HttpFunctions_new.php 2010-11-01 11:47:57.000000000 +0100
@@ -78,6 +78,65 @@

				}
			}

+ global $wgAuthenticatedRepository, $wgAuthenticatedRepositoryUser, $wgAuthenticatedRepositoryPassword, $wgShowAuthenticatedRepositoryError;
+ $text = '';
+ if ( $wgAuthenticatedRepository ) {
+ require_once 'extensions/Snoopy-1.2.4/Snoopy.class.php';
+ $index = '';
+ $login = '';
+
+ $wikiPath = "";
+ if (!preg_match('/(.*)\/index.php\/(.*)\?(.*)/', $url, $matches)) {
+ echo "nicht gefunden";
+ } else {
+ $wikiPath = $matches[1];
+ }
+
+ $apiPath = "$wikiPath/api.php";
+ $indexPath = "$wikiPath/index.php";
+ $title = $wgTitle->mPrefixedText;
+
+ $snoopy = new Snoopy;
+
+ $request_vars = array('action' => 'login', 'lgname' => $wgAuthenticatedRepositoryUser, 'lgpassword' => $wgAuthenticatedRepositoryPassword, 'format' => 'php');
+ if(!$snoopy->submit($apiPath, $request_vars))
+ die("Snoopy error: {$snoopy->error}");
+
+ // We're only really interested in the cookies
+ $snoopy->setcookies();
+ $token = unserialize($snoopy->results);
+ $error = true;
+ $token2 = array();
+
+ if ( $token['login']['result'] == 'NeedToken') {
+ $request_vars = array('action' => 'login', 'lgname' => $wgAuthenticatedRepositoryUser, 'lgpassword' => $wgAuthenticatedRepositoryPassword, 'lgtoken' => $token['login']['token'], 'format' => 'php');
+ if(!$snoopy->submit($apiPath, $request_vars))
+ die("Snoopy error: {$snoopy->error}");
+ $token2 = unserialize($snoopy->results);
+ }
+ else if ( ($token['login']['result'] == 'NoName') ) {
+ wfDebug( METHOD . ": Wrong or no User for wgAuthenticatedRepositoryUser in the LocalSetting. \n" );
+ if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no User for <i>wgAuthenticatedRepositoryUser</i> in the LocalSetting.<br/>";
+ }
+
+
+ if ( ($token2['login']['result'] == 'Success') or ($token['login']['result'] == 'Success') ) {
+ $request_vars = array('action' => 'raw', 'title'=>$title, 'lgtoken' => $token['login']['token'], 'format' => 'php');
+ if(!$snoopy->submit($indexPath, $request_vars))
+ die("Snoopy error: {$snoopy->error}");
+ $text = $snoopy->results;
+ }
+ else if ( ($token2['login']['result'] == 'WrongPass') or ($token2['login']['result'] == 'WrongPluginPass') or ($token2['login']['result'] == 'EmptyPass') ) {
+ wfDebug( METHOD . ": Wrong or no Password for wgAuthenticatedRepositoryPassword in the LocalSetting." );
+ if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no Password for <i>wgAuthenticatedRepositoryPassword</i> in the LocalSetting.<br/>";
+ }
+ else if ( ($token2['login']['result'] == 'NotExists') ) {
+ wfDebug( METHOD . ": Wrong or no User for wgAuthenticatedRepositoryUser in the LocalSetting. \n" );
+ if ( $wgShowAuthenticatedRepositoryError ) $text = "Wrong or no User for <i>wgAuthenticatedRepositoryUser</i> in the LocalSetting.<br/>";
+ }
+ }
+ else
+ {

			ob_start();
			curl_exec( $c );
			$text = ob_get_contents();
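
Review bot: "$token = unserialize($snoopy->results);" and the matching call for $token2 deserialize a body fetched over HTTP from the repository, so a spoofed or compromised repository response can make the client wiki instantiate PHP objects. Request format=json instead, decode it with json_decode, and check that login and result exist before indexing; that also removes the notices from reading $token2['login']['result'] while $token2 is still the empty array. Separately, $wgTitle is read at "$title = $wgTitle->mPrefixedText;" but is not in the global list added at the top of the hunk, and the three die("Snoopy error: ...") calls plus echo "nicht gefunden" abort the request or write into page output instead of returning a failure to the caller.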

@@ -97,6 +156,7 @@

				$text = false;
			}
			curl_close( $c );

+ }

		} else {
			# Otherwise use file_get_contents...
			# This doesn't have local fetch capabilities...
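
Review bot: the closing brace added after curl_close( $c ) ends the else opened in the previous hunk, so in the authenticated branch the curl handle $c is never closed and the existing failure path that sets $text = false is skipped. Whatever Snoopy returned, including an error or login page, is then passed on as the description text. Close the handle on both paths and apply the same failure check to the Snoopy result before returning it.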
Aklapper changed the subtype of this task from "Task" to "Feature Request". Feb 4 2022, 11:02 AM
Aklapper removed a subscriber: wikibugs-l-list.
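
The review points above about unserialize(), echo and die() can be met by parsing the repository's login reply defensively. The following is an added example, not part of the original patch or of MediaWiki: the function name and sample bodies are hypothetical, and it assumes the API is asked for format=json and returns the same login/result/token layout the patch reads from format=php.

```php
<?php
// Added example, not MediaWiki code. The function name and sample bodies are
// hypothetical; the result strings are the ones the patch checks for.
const LOGIN_FAILURES = ['NoName', 'NotExists', 'WrongPass', 'WrongPluginPass', 'EmptyPass'];

// Classify a login response requested with format=json (assumed layout:
// {"login": {"result": ..., "token": ...}}, as the patch reads from format=php).
function classifyLoginResponse(string $body): array
{
    $invalid = ['state' => 'invalid', 'token' => null];
    // json_decode() yields only arrays and scalars, so a hostile or compromised
    // repository cannot make this wiki instantiate objects, unlike unserialize().
    $data = json_decode($body, true);
    if (!is_array($data) || !is_array($data['login'] ?? null)) {
        return $invalid + ['detail' => 'not a login response'];
    }
    $result = $data['login']['result'] ?? null;
    if (!is_string($result)) {
        return $invalid + ['detail' => 'missing result'];
    }
    if ($result === 'NeedToken') {
        $token = $data['login']['token'] ?? null;
        // A NeedToken reply without a usable token cannot be continued.
        if (!is_string($token) || $token === '') {
            return $invalid + ['detail' => 'NeedToken without token'];
        }
        return ['state' => 'need-token', 'token' => $token, 'detail' => null];
    }
    if ($result === 'Success') {
        return ['state' => 'success', 'token' => null, 'detail' => null];
    }
    // Known and unknown failures both fail closed. The detail is meant for the
    // debug log, not for echo or die() into the page.
    $detail = in_array($result, LOGIN_FAILURES, true) ? $result : 'unexpected result';
    return ['state' => 'failed', 'token' => null, 'detail' => $detail];
}

// Constructed sample bodies, including a non-JSON reply from a closed wiki.
$samples = [
    '{"login":{"result":"NeedToken","token":"constructed-token"}}',
    '{"login":{"result":"Success"}}',
    '{"login":{"result":"WrongPass"}}',
    '<html>Login required</html>',
];
foreach ($samples as $body) {
    $r = classifyLoginResponse($body);
    echo $r['state'], ' ', $r['detail'] ?? '-', PHP_EOL;
}
```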