Re: [MediaWiki-l] Login window in a wiki using js

2016-03-19 Thread Chris Steipp
On Thu, Mar 17, 2016 at 5:27 AM, John wrote: > Be aware that using any other page than Special:UserLogin to login can > cause account compromises or session hijacking. > To clarify, any administrator on your site will be able to add javascript that could read your

Re: [MediaWiki-l] CentralAuth help

2016-01-06 Thread Chris Steipp
Hi Jasmine, There are a lot of things that can go wrong. Are you saying the global account exists, but the user can't login to a wiki where they aren't attached (and would then be autocreated)? If so, make sure there isn't an existing, unattached account with the same name, which would prevent

Re: [MediaWiki-l] sessions in memcached and logins

2015-11-03 Thread Chris Steipp
I use that configuration, and it works ok. I'm running almost master. Make sure you have enough free cache that nothing is being evicted. On Tue, Nov 3, 2015 at 12:47 PM, Tim Dunphy wrote: > Hey guys, > > I notice that there's no way to log into my wiki if I have these

Re: [MediaWiki-l] storing sessions in memcached

2015-10-05 Thread Chris Steipp
I've seen similar issues when memcached is getting close to its max capacity. Make sure stuff isn't getting evicted frequently. You can also look up the memcache key generation in the User class and look up the key directly, but I don't recall there being a good way to check it otherwise. On Oct

Re: [MediaWiki-l] Embedded login and account creation

2015-10-01 Thread Chris Steipp
> You should add them. MediaWiki will set X-Frame-Options: DENY by default on API results and edit pages, but if you have a login box on every page, then you'll need to set that from your webserver for every page (or you could add a patch to mediawiki to do it). > > Ad > > > Op 30 sep.

Re: [MediaWiki-l] Embedded login and account creation

2015-09-30 Thread Chris Steipp
esen.name/] > > On 2015-09-30 9:33 AM, Tyler Romeo wrote: > > Is there a bug filed for that? > > On Sep 30, 2015 12:13, "Daniel Friesen" <dan...@nadir-seen-fire.com> > wrote: > > > >> On 2015-09-30 8:48 AM, Chris Steipp wrote: > >>>

Re: [MediaWiki-l] Embedded login and account creation

2015-09-30 Thread Chris Steipp
Hi Ad, There are some security considerations if you're going to do that: * We disable site and user .js on Special:UserLogin, so a malicious admin can't add password sniffing javascript to the login page * We disable framing the page to prevent various redressing attacks * If your site is mixed

Re: [MediaWiki-l] Login info

2015-08-24 Thread Chris Steipp
With core mediawiki, not really. There is a user_touched timestamp on the user table which is updated when the user logs in or does various other things on the site. There is also the account audit extension which the WMF used to use to track login timestamp. That sounds like what you want. On

Re: [MediaWiki-l] MediaWiki and Joomla

2015-07-29 Thread Chris Steipp
/index.php/mediawiki-bridge or http://www.bestofjoomla.com/component/option,com_mtree/task,viewlink/link_id,1046/Itemid,46/ I haven't personally used either of those, but possibly someone else on the list has? On Mon, Jul 27, 2015 at 2:30 PM, Chris Steipp cste...@wikimedia.org wrote: You

Re: [MediaWiki-l] MediaWiki and Joomla

2015-07-27 Thread Chris Steipp
You can have both authenticate to the same ldap instance to have synchronized logins. Or synchronize the password hashes and extend MediaWiki's password class to use the Joomla format. But if you want true SSO, you'll need to have Joomla provide identities or setup Joomla to consume MediaWiki's

[MediaWiki-l] [MediaWiki-announce] MediaWiki bug fix release 1.25.1

2015-05-26 Thread Chris Steipp
Hello everyone, The ConfirmEdit extension in the 1.25.0 tarball contained a syntax error in two JSON files. We deeply apologize for this error, and thanks to Paul Villiger for reporting the issue. A new 1.25.1 tarball has been released which fixes the issue. Users using git can update to the

Re: [MediaWiki-l] authenticating one MediaWiki instance against another?

2015-04-06 Thread Chris Steipp
Extension:OAuthAuthentication? There are directions there for enwiki, but loginwiki would be just a slight variation. If you run into issues, let me know. On Apr 4, 2015 12:18 PM, Ivan Shmakov i...@siamics.net wrote: I see that there exists at least one extension [1] to

[MediaWiki-l] MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2

2015-03-31 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.24.2, 1.23.9 and 1.19.24. These releases fix 10 security issues, in addition to other bug fixes. Download links are given at the end of this email. == Security fixes == * iSEC Partners discovered a way to circumvent the SVG MIME blacklist for

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.19.24, 1.23.9, 1.24.2

2015-03-30 Thread Chris Steipp
This is a notice that on Tuesday, March 31st between 21:00-22:00 UTC (2-3pm PDT) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software. Downloads and patches will be available at that time.

Re: [MediaWiki-l] non whitelisted namespaces?

2015-03-26 Thread Chris Steipp
That's the xml namespace of an element, which we whitelist since a number of namespaces introduce ways to execute javascript. You can add it to the list in UploadBase.php, and feel free to push the change back up and I'll add it if it looks sane. On Thu, Mar 26, 2015 at 11:29 AM, Bill Traynor

Re: [MediaWiki-l] [mwstake] What should we focus on?

2015-01-28 Thread Chris Steipp
On Tue, Jan 27, 2015 at 5:26 PM, Chris Tharp tharpena...@gmail.com wrote: I agree completely with Boris about access control. Only with a combination of Two extensions: Lockdown and SemanticACL have I ever been able to get to a reasonable level of access control that I desired for my wikis.

Re: [MediaWiki-l] Upload-problems in Xampp-environment

2014-11-12 Thread Chris Steipp
I haven't run SLES in a few years, but your issue might be apparmor preventing writes in the web root. Is your webserver listed when you run aa-status? On Tue, Nov 11, 2014 at 5:52 AM, Katharina Wolkwitz wolkw...@fh-swf.de wrote: Hello everybody, I'm running my mediawiki-installation in a

Re: [MediaWiki-l] [Wikitech-l] MediaWiki:Common.js and MediaWiki:Common.css blocked on Special:Login and Special:Preferences

2014-11-06 Thread Chris Steipp
On Thu, Nov 6, 2014 at 11:41 AM, Derric Atzrott datzr...@alizeepathology.com wrote: This seems completely reasonable to me. I'd merge it personally. Is there any reason not to? It's fairly easy to inject javascript via css, so merging that patch means an admin can run javascript on the

Re: [MediaWiki-l] Off topic: Wiki spammer is using spoofed IP addresses???

2014-10-24 Thread Chris Steipp
On Fri, Oct 24, 2014 at 1:34 PM, Arcane 21 arc...@live.com wrote: Spammers might be using something similar to the IPfuck Firefox/Chrome extension, which fakes an IP address instead of allowing the real IP to be recorded, not sure how we can defend against that sort of thing at present.

[MediaWiki-l] Security fixes for CentralAuth and MobileFrontend extensions

2014-10-08 Thread Chris Steipp
A number of security issues in MediaWiki extensions have been fixed. Users of these extensions should update to the latest version. * CentralAuth: Internal review found multiple issues that have been resolved: ** (bug 70469) Special:MergeAccount

Re: [MediaWiki-l] Reset MediaWiki password without email

2014-10-03 Thread Chris Steipp
It could be the user object in your cache. Try eval.php to do something like: $u = User::newFromName( 'someuser' ); $u->setPassword( 'somepass' ); $u->saveSettings(); On Wed, Sep 24, 2014 at 11:23 PM, Tongjie Li snow8...@gmail.com wrote: hi,all I have a question of how to reset

Re: [MediaWiki-l] Registration/login with LinkedIn

2014-08-18 Thread Chris Steipp
I don't know of an extension that does OAuth logins as a client, that would be compatible with Linkedin. I think there is an extension for Google login, which should be based on OAuth2/OIDC, which would probably work. Extension:OAuth is for running an OAuth 1.0a server, which would allow other

Re: [MediaWiki-l] Registration/login with LinkedIn

2014-08-18 Thread Chris Steipp
On Mon, Aug 18, 2014 at 6:29 AM, Ad Strack van Schijndel ad.strackvanschijn...@gmail.com wrote: What security aspects are you referring to? OAuth itself is only meant for authorization, so if you make a call to find out information about the current user (it looks like linkedin encourages using

Re: [MediaWiki-l] How to allow upload of SVGs with links?

2014-07-21 Thread Chris Steipp
You should be able to temporarily set $wgDisableUploadScriptChecks to false. On Mon, Jul 21, 2014 at 5:27 AM, David Gerard dger...@gmail.com wrote: By default, MediaWiki sensibly blocks upload of SVGs with links. However, we'd like to upload some to our intranet wiki (1.19). Is there a

Re: [MediaWiki-l] memcached is losing MediaWiki sessions - tips for debugging?

2014-06-16 Thread Chris Steipp
On Mon, Jun 16, 2014 at 9:08 AM, Daniel Barrett d...@vistaprint.com wrote: In the past few weeks, we've been seeing the Loss of session data error message in our wiki frequently when users try to save their edited articles (and the save fails). Our best guess is that memcached, which stores

Re: [MediaWiki-l] Global Settings

2014-06-09 Thread Chris Steipp
Legoktm's global css/js is a step towards this (I can't remember why that isn't deployed yet). Loginwiki is probably the wrong place to store global preferences, but you're right it sets precedent for having a centralized wiki managing an aspect of the user's session. The big SUL finalization

Re: [MediaWiki-l] uploading Lua logo XML can't be parsed?

2014-05-28 Thread Chris Steipp
You would get that error if libxml can't parse the xml in the svg file. Either you have a corrupted file, or the file had invalid xml and was uploaded before we actually checked that the whole file was parsed. On Wed, May 28, 2014 at 7:43 AM, Bill Traynor btray...@gmail.com wrote: I'm trying

Re: [MediaWiki-l] Auto-login

2014-05-02 Thread Chris Steipp
On Wed, Apr 30, 2014 at 11:52 AM, Glen glen...@gmail.com wrote: Hi, I want to log a user into our wiki if they are logged into our website. I assume that I need to use the UserLoadFromSession hook, but at this point in the code, the MW session is already active. Does it make sense to close

Re: [MediaWiki-l] Older patches for 1.19?

2014-03-03 Thread Chris Steipp
Yeah, that was an accident that they were deleted. It's easy to regenerate them from the repo, I just haven't gotten around to it. If anyone wants to help, I'm happy to review and upload. On Mar 2, 2014 12:37 PM, K. Peachey p858sn...@gmail.com wrote: There is a open bug about their missing state

Re: [MediaWiki-l] 18 known issues with past releases

2014-02-03 Thread Chris Steipp
Hi Nemo, I don't want to make any promises for Mark and Markus, but I believe there are plans to do another release soon to close more of the bugfixes. I asked them to hold off on combining too many bug fixes with the last security release, since I wanted to make it easy for everyone to apply the

[MediaWiki-l] Please update for the latest security patch

2014-02-03 Thread Chris Steipp
Hi lists, If you haven't patched with the last security release, or know of a wiki that hasn't patched yet, please do so immediately. An exploit was released on the full disclosure mailing list over the weekend[1] that targets the vulnerability in the PdfHandler extension. If you're not able to

[MediaWiki-l] MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11

2014-01-28 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.22.2, 1.21.5 and 1.19.11. Your MediaWiki installation is affected by a remote code execution vulnerability if you have enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files (in combination with the PdfHandler

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.22.2, 1.21.5, and 1.19.11

2014-01-27 Thread Chris Steipp
This is a notice that on Tuesday, Jan 28th between 21:00-22:00 UTC (1-2pm PST) Wikimedia Foundation will release critical security updates for current and supported branches of the MediaWiki software and extensions. Downloads and patches will be available at that time, with the git repositories

Re: [MediaWiki-l] How to switch to HTTPS for logins

2014-01-22 Thread Chris Steipp
On Jan 22, 2014 7:29 AM, Al alj62...@yahoo.com wrote: Hi, I have SSL setup and working with apache and can browse the site with http or https, but does anyone know how to make mediaWiki switch to https when logging on? Or, at the very least, switch temporarily just for the login? If you can

Re: [MediaWiki-l] CentralAuth: Global accounts not globally usable

2014-01-13 Thread Chris Steipp
On Sat, Jan 11, 2014 at 2:05 AM, Till Kraemer i...@till-kraemer.com wrote: # Activates the redirect to the central login wiki #$wgCentralAuthLoginWiki = 'poolwiki'; Things will work a little better if you have a central wiki defined. Since you have a poolwiki, you may want to make that

Re: [MediaWiki-l] CentralAuth: Global accounts not globally usable

2014-01-13 Thread Chris Steipp
On Mon, Jan 13, 2014 at 11:52 AM, Till Kraemer i...@till-kraemer.com wrote: Hi Chris, thanks a lot for your help! Things will work a little better if you have a central wiki defined. Since you have a poolwiki, you may want to make that central. Users should never know it's there, but

[MediaWiki-l] MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10

2014-01-13 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.22.1, 1.21.4 and 1.19.10. These releases fix a number of security related bugs that could affect users of MediaWiki. In addition, MediaWiki 1.22.1 is a maintenance release. It fixes several bugs. You can consult the RELEASE-NOTES-1.22 file for

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.19.10, 1.21.4, and 1.22.1

2014-01-10 Thread Chris Steipp
This is a notice that on Tuesday, January 14th between 00:00-01:00 UTC (*Monday* January 13th, 4-5pm PST) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software, as well as several extensions. Downloads and patches will be available at that

Re: [MediaWiki-l] Sign-off extension?

2013-12-12 Thread Chris Steipp
On Dec 12, 2013 8:05 AM, John phoenixoverr...@gmail.com wrote: An even easier solution would be to get a javascript gadget that grabs the current page title and saves it along with on a log page If you need something simple, do this. It should honestly be about 10 lines of JavaScript. If

Re: [MediaWiki-l] Patch files for 1.19.8?

2013-11-20 Thread Chris Steipp
That's odd. I don't think it's intentional that those are missing. Here's the core patch for 1.19.7-1.19.8 in the meantime. On Wed, Nov 20, 2013 at 3:37 AM, David Gerard dger...@gmail.com wrote: I thought I should probably upgrade our intranet wikis from 1.19.7 to 1.19.9. I go to

Re: [MediaWiki-l] Patch files for 1.19.8?

2013-11-20 Thread Chris Steipp
Seems mediawiki-l strips them. I blame marktraceur. http://pastebin.com/cifbq6w1 On Wed, Nov 20, 2013 at 11:06 AM, David Gerard dger...@gmail.com wrote: On 20 November 2013 18:52, Chris Steipp cste...@wikimedia.org wrote: That's odd. I don't think it's intentional that those are missing

[MediaWiki-l] MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9

2013-11-14 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.21.3, 1.20.8 and 1.19.9. These releases fix 2 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. * Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for

Re: [MediaWiki-l] Vector extension broken in 1.19.9

2013-11-14 Thread Chris Steipp
Hi Killian, Our build scripts packaged the wrong extension branch with the initial tarballs I released. If you redownload them, you should get the correct version of Vector. Apologies for that. On Thu, Nov 14, 2013 at 4:16 PM, Kilian Evang maschinenr...@texttheater.net wrote: Hi all, the

Re: [MediaWiki-l] $wgNoFollowLinks

2013-11-13 Thread Chris Steipp
On Wed, Nov 13, 2013 at 1:59 AM, Nathan Larson nathanlarson3...@gmail.com wrote: You're right; if more wikis were to switch off nofollow, it almost certainly would encourage spammers to target MediaWiki more. That in turn would likely tend to prompt affected site owners to install more/better

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.19.9, 1.20.8, and 1.21.3

2013-11-13 Thread Chris Steipp
This is a notice that on Thursday, November 14th between 21:00-22:00 UTC (1-2pm PST) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software, as well as several extensions. Downloads and patches will be available at that time.

Re: [MediaWiki-l] $wgNoFollowLinks

2013-11-12 Thread Chris Steipp
I'm opposed to this change. A site administrator with a big enough community to address spammy links, and wants to enable this feature, is likely savvy enough to change the preference from true to false. I think setting this to false by default is going to encourage spam bot authors to target

Re: [MediaWiki-l] $wgServer and short URL's

2013-11-12 Thread Chris Steipp
I'm not sure if I fully recommend it, but I've gotten around this by adding a conditional in my LocalSettings.php to set $wgServer to the ip if $_SERVER['REMOTE_ADDR'] looks like my local network. Probably safe enough for temporary access. $wgServer is used to construct urls, like the css links, so

Re: [MediaWiki-l] Attempting to install MediaWiki, getting session_start() errors

2013-11-04 Thread Chris Steipp
If you're using centos 6, definitely try *temporarily* disabling selinux to make sure your policy isn't preventing access. On Nov 3, 2013 11:29 AM, Tony Robinson deusexmachina...@gmail.com wrote: Hello, I'm trying to install MediaWiki on CentOS with php-fpm, memcached, and nginx over SSL. If

Re: [MediaWiki-l] What's the secret to using ip_in_range() with AbuseFilter

2013-10-23 Thread Chris Steipp
It accepts a pretty wide range of formats (see IP::parseRange()). So, ip_in_range(user_name, '127.0.0.1/16') ip_in_range(user_name, '127.0.0.1') ip_in_range(user_name, '127.0.0.0-127.0.255.255') Will all trigger for a localhost editor. On Wed, Oct 23, 2013 at 3:32 AM, Al alj62...@yahoo.com

Re: [MediaWiki-l] User authentication via LDAP or (!) local users?

2013-10-22 Thread Chris Steipp
There is a fallback to local wiki authentication, if your LDAP config doesn't prevent it. Iirc by default the LDAP extension does disable it however. For a quick fix, you can disable the extension (comment out the include in your LocalSettings.php), then login with any account in your database that

Re: [MediaWiki-l] Are passwords hashed and salted both?

2013-10-03 Thread Chris Steipp
The default is md5( $salt - md5( $password ) ). So salt and 2 hashes. On Thu, Oct 3, 2013 at 3:15 PM, Wjhonson wjhon...@aol.com wrote: Does the Mediawiki software using a simple hashing on the passwords? Or are they also salted?

Re: [MediaWiki-l] upgrading from mediawiki 1.15 to newer version?

2013-09-26 Thread Chris Steipp
Hi Ken, I've run MediaWiki on RHEL 5 and 6 several times. You shouldn't have any issues with it (although watch out for selinux blocking writes to the default upload directory). Can you describe what problems you're having? Are you unzipping the tarball into the web root, or are you using the epel

[MediaWiki-l] MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8

2013-09-03 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.21.2, 1.20.7 and 1.19.8. These releases fix 3 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. * Mozilla, and other developers, reported a full path disclosure in MediaWiki, when an

Re: [MediaWiki-l] Upload files issues in 1.21.1 mw

2013-06-18 Thread Chris Steipp
Oh, and if that's not it, make sure you have the image directory setup to point to the right place (which it should by default), and make sure any mandatory access control (apparmor/selinux) is configured to allow access too. On Jun 18, 2013 7:54 AM, Alex Monk kren...@gmail.com wrote: It sounds

Re: [MediaWiki-l] Wiki spam. Stronger fightback.

2013-05-28 Thread Chris Steipp
On Tue, May 28, 2013 at 9:14 AM, Jamie Thingelstad ja...@thingelstad.com wrote: I can — Nemo was referencing some dialog we had while I was trying to figure out performance issues on my farm. You can see the whole dialog, with graphs, here:

Re: [MediaWiki-l] login from an external site

2013-05-28 Thread Chris Steipp
Hi Zeng, If the external site is just another web application on a different domain, then this is probably not possible. At least, not possible to do in a secure way. If they share a domain, and mediawiki can read (and verify, and use) the other website's cookies, then you could write your own

Re: [MediaWiki-l] Wiki spam. Stronger fightback.

2013-05-26 Thread Chris Steipp
On Fri, May 24, 2013 at 6:09 PM, Daniel Friesen dan...@nadir-seen-fire.com wrote: On Fri, 24 May 2013 13:41:04 -0700, Al Johnson alj62...@yahoo.com wrote: Maybe mediawiki sites can unite to keep a global list of these IP's and block them as soon as they are submitted. Each mediawiki site can

Re: [MediaWiki-l] Wiki spam. Stronger fightback.

2013-05-26 Thread Chris Steipp
On Sat, May 25, 2013 at 2:56 AM, Mark A. Hershberger m...@everybody.org wrote: I run a spam/virus filtering email relay for some clients and I agree with most of what Richard says: Everything that's being discussed has already been done to combat email spam. It seems the appropriate thing to

Re: [MediaWiki-l] Wiki spam. Stronger fightback.

2013-05-22 Thread Chris Steipp
On Wed, May 22, 2013 at 10:07 AM, halz halz_antis...@yahoo.co.uk wrote: If you've ever set up a fresh MediaWiki and tried to leave it open to editing, you'll know about the problem of wiki spam. There's various well documented tricks to tackle the problem on your own wiki (although it seems

[MediaWiki-l] MediaWiki Security Release: 1.20.6 and 1.19.7

2013-05-21 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.20.6 and 1.19.7. These releases fix a security related issue that could affect users of MediaWiki. Download links are given at the end of this email. * MediaWiki user Marco discovered that security checks for file uploads were not being run when

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.19.7 and 1.20.6

2013-05-20 Thread Chris Steipp
This is a notice that on Tuesday, May 21st between 20:00-21:00 UTC (1-2pm PDT) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software. Downloads and patches will be available at that time, with the git repositories updated later that

Re: [MediaWiki-l] A few questions about integrating MediaWiki with another site

2013-05-09 Thread Chris Steipp
On Wed, May 8, 2013 at 10:14 AM, George Tsirigotakis tsirigotakis.geo...@gmail.com wrote: Hey Chad, Thank you for replying! I'm new at this, so I'd like to ask you another couple of questions: 1. How can I write an AuthPlugin? Is there a tutorial? http://www.mediawiki.org/wiki/AuthPlugin is

[MediaWiki-l] MediaWiki Security Release: 1.20.5 and 1.19.6

2013-04-30 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could affect users of MediaWiki. Download links are given at the end of this email. * Jan Schejbal / Hatforce.com reported that SVG script filtering could be bypassed for Chrome

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.19.6 and 1.20.5

2013-04-29 Thread Chris Steipp
This is a notice that on Tuesday, April 30th between 20:00-21:00 UTC (1-2pm PDT) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software. Downloads and patches will be available at that time, with the git repositories updated later that

[MediaWiki-l] MediaWiki Security Release: 1.20.4 and 1.19.5

2013-04-15 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.20.4 and 1.19.5. These releases fix 3 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. * An internal review discovered that specially crafted Lua function names could lead to XSS.

Re: [MediaWiki-l] Spambots and CPU usage

2013-03-30 Thread Chris Steipp
On Sat, Mar 30, 2013 at 11:16 AM, Mark A. Hershberger m...@everybody.org wrote: On 03/30/2013 12:47 PM, Dan Fisher wrote: Is it a problem? Yes, they're constantly trying to break in and that increases CPU usage. I don't have any analysis to prove it I suggest that you rely on some proof.

Re: [MediaWiki-l] SMTP error from remote mail server after end of data

2013-02-25 Thread Chris Steipp
SPF can help, and is easy to setup. If you are already blocked by an individual provider (google in this case), then you usually have to contact them directly and let them know what you've done to make sure your domain isn't going to spam again. Also check and make sure your domain isn't on any

Re: [MediaWiki-l] Spam extension with per page filters and API accessable

2013-02-21 Thread Chris Steipp
On Thu, Feb 21, 2013 at 7:22 AM, Mark A. Hershberger m...@everybody.org wrote: On 02/20/2013 09:55 PM, Al Johnson wrote: Can anyone recommend a spam filter whereby one can specify a filter pattern along with the specific page to which the filter applies AND can be accessed and modified via the

Re: [MediaWiki-l] Third-Party Users Wish List - Does Anyone Know of Existing/Experimental Solutions?

2013-01-30 Thread Chris Steipp
I can help with something organizational). Any more details from the people who made the request would be nice-- like is this for an extension with a special page vs parser functions? Mariya On Mon, Jan 28, 2013 at 8:15 PM, Chris Steipp cste...@wikimedia.org wrote: Maria, I found your list

Re: [MediaWiki-l] Third-Party Users Wish List - Does Anyone Know of Existing/Experimental Solutions?

2013-01-28 Thread Chris Steipp
Maria, I found your list to be very helpful. Thanks for putting that together! On Mon, Jan 28, 2013 at 8:26 AM, Yury Katkov katkov.ju...@gmail.com wrote: Hi Maria! Let me clarify the situation about access control. There are several dozens of ways (!) to get the information of a wiki page - and

Re: [MediaWiki-l] Preventing Spam Pages

2012-12-21 Thread Chris Steipp
Hi Thomas, you can do that with AbuseFilter, and a rule that has the conditions: !("autoconfirmed" in user_groups) & length(added_links) > 0 And in the action section, select "Prevent the user from performing the action in question" On Fri, Dec 21, 2012 at 1:46 PM, Thomas U. Grüttmüller

[MediaWiki-l] MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6

2012-11-29 Thread Chris Steipp
MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6 I would like to announce the release of MediaWiki 1.20.1, 1.19.3 and 1.18.6. These releases fix 3 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. Please note that support for the

[MediaWiki-l] Pre-Release Announcement for MediaWiki 1.18.6, 1.19.3, and 1.20.1

2012-11-27 Thread Chris Steipp
On Thursday, November 29th, between 21:00-22:00 UTC (1-2pm PST) Wikimedia Foundation will release security updates for current and supported branches of the MediaWiki software. We are providing this pre-announcement as a courtesy for administrators to be ready to accept the fix for these on

Re: [MediaWiki-l] Anyone using ClamAV with Mediawiki?

2012-10-10 Thread Chris Steipp
I was thinking it sounded like a chroot or mandatory access control issue. If you work out the transition rules for SELinux, please share! I've been working on getting AppArmor profiles defined for several of the external applications we call. I'll add one for clamav, in case that's an option for

Re: [MediaWiki-l] [Wikitech-l] Using mediawiki from within the Social networks?

2012-10-01 Thread Chris Steipp
It's possible, but it would be a little ugly. You could write a web frontend to what would basically be a proxy handling the work on the backend over the api. However, there is no secure way for a user to login through something like that, so all of the edits would have to come from your app and

Re: [MediaWiki-l] Deleting spam user accounts

2012-09-26 Thread Chris Steipp
A fairly detailed (if not super easy to use) place to start is http://www.mediawiki.org/wiki/Anti-spam_features, which points to various extensions that can help out. For a popular site, you'll need a holistic strategy for dealing with spam, which will include a few different tools, possibly

[MediaWiki-l] MediaWiki security release: 1.19.2 and 1.18.5

2012-08-30 Thread Chris Steipp
I would like to announce the release of MediaWiki 1.19.2 and 1.18.5. These releases fix 6 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. * Wikipedia administrator Writ Keeper discovered a stored XSS (HTML injection) vulnerability.