Page MenuHomePhabricator
Create Task
Maniphest T59115

Installer should set $wgNoFollowLinks to false in LocalSettings.php if "Authorized editors only" user rights profile is selected
Closed, ResolvedPublic
Actions

Description

The installer should set $wgNoFollowLinks to false in LocalSettings.php if the "Authorized editors only" or "Private wiki" user rights profile is selected. These wikis cannot be attacked by spambots because editing is only by registered users and registration is by invitation only. Therefore, there is no need to use nofollow to deter spam.

Nofollow would in fact likely be counterproductive to the wiki owner's purposes, since it would hinder him from raising the pagerank of sites he and his small circle of approved editors link to, and which he therefore presumably wants to attract traffic to. We should act under the assumption that he would prefer to have nofollow switched off.

Version: unspecified
Severity: minor

Details

Reference
bz57115

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:14 AM
bzimport added projects: MW-1.23.0-release, MediaWiki-Installer.
bzimport set Reference to bz57115.
leucosticte created this task.Nov 15 2013, 10:19 PM
leucosticte added a comment.Nov 16 2013, 12:04 AM

Actually, scratch that part about the "private wiki" -- those wouldn't be accessible to the general public even to read.

Nemo_bis added a comment.Nov 16 2013, 12:16 AM

Makes sense, though it would need a comment inviting the sysadmin to revisit the config if they later change access (can the installer control in what order configs are?). Just in case someone chooses the profile temporarily and then changes LocalSettings.php.

leucosticte added a comment.Nov 16 2013, 2:08 AM

Okay, so it will need to be explained in a clear and succinct way in a LocalSettings.php comment. How about: "Set $wgNoFollowLinks to true if you open up your wiki to editing by the general public and wish to apply nofollow to external links as a deterrent to spammers."

gerritbot added a comment.Nov 16 2013, 4:54 AM

Change 95755 had a related patch set uploaded by leucosticte:
Set $wgNoFollowLinks to false if "Authorized editors only" selected

https://gerrit.wikimedia.org/r/95755

leucosticte added a comment.Nov 16 2013, 7:12 AM

(In reply to comment #2)

Makes sense, though it would need a comment inviting the sysadmin to revisit
the config if they later change access (can the installer control in what
order
configs are?). Just in case someone chooses the profile temporarily and then
changes LocalSettings.php.

LocalSettingsGenerator.php controls the order of the configs. The group permissions are right before the "End of automatically generated settings." This patch will put $wgNoFollowLinks and its explanatory comment right after the group rights, so that if/when the system administrator goes to change those to open up the wiki to edits by the general public, hopefully he'll see that too.

Unless the "*" (anon) read right is set to true and the "*" edit right is set to false, $wgNoFollowLinks and its explanatory comment won't appear at all in LocalSettings.php, as it currently doesn't.

gerritbot added a comment.Dec 3 2013, 8:17 PM

Change 95755 merged by jenkins-bot:
Set $wgNoFollowLinks to false iff "Authorized editors only" selected

https://gerrit.wikimedia.org/r/95755

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL