Author: prollius
Description:
Although the header of Lockdown.php says "NOTE: you cannot GRANT access to things forbidden by $wgGroupPermissions. You can only DENY access granted there." the mere inclusion of Lockdown.php leads to this configuration being ignored:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
Any user has edit privileges when Lockdown is active.
This is discussed here: http://www.mediawiki.org/wiki/Extension_talk:Lockdown#Seconded_-_Overriding_.24wgGroupPermissions.3F
Version: unspecified
Severity: critical