[wicked] Re: turning off revert
mbox mbarsalou
barjunk at attglobal.net
Fri Dec 3 12:57:50 PST 2004
Thanks!
OK...it's interesting that Jan mentioned the search robot, because the
IP belongs to fastsearch.net, so this seems likely.
I went through the logs and found this. It was associated to the IP
doing the "updating".
HTTP/1.0" 200 9162 "-" "FAST-WebCrawler/3.8/Scirus
(scirus-crawler at fast.no; http://www.scirus.com/srsapp/contactus/)"
I found the section in the Browser.php that needs to be updated, but
what piece of this data do I add in?
Mike B.
> Message: 2
> Date: Fri, 3 Dec 2004 15:38:59 +0100
> From: Jan Schneider <jan at horde.org>
> Subject: Re: [wicked] turning off revert
> To: wicked at lists.horde.org
> Message-ID: <20041203153859.3tvqnhew748w40gw at jan.dip.ammma.net>
> Content-Type: text/plain; charset=ISO-8859-15; format="flowed"
>
> Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
>
> > On Wed, Dec 01, 2004 at 10:01:50PM -0900, Barsalou wrote:
> >> What permissions would I have to set to disable revert? What other
> >> functionality would I lose by doing that?
> >>
> >> We are experiencing an issue where someone has decided to automate the
> >> revert process and "attack" our wiki.
> >>
> >> Just wondering if there was a way to set the security to protect against
> >> that.
> >>
> >> I know I can ban the individual IP, but don't want to end up chasing
> >> individual IP's.
> >>
> >> Thanks for any insights.
> >
> > The code checks if the user has edit permission to the page before
> > reverting, so that's the only way to prevent it. I'm assuming you don't
> > want to do that because you want public access to the wiki-- really
> > there isn't a way to prevent just reversions. If someone is scripting
> > it, they could as well write a script to resubmit their text as though a
> > user were editing the page, and so preventing the use of the 'revert'
> > feature probably will just inspire his or her creativity <g>
>
> Btw, this "script" may be a search engine robot, you should check your logs
> and provide a patch to Browser.php if this is the case.
>
> Jan.
>
> --
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 3 Dec 2004 10:16:40 -0500
> From: "Jason M. Felice" <jfelice at cronosys.com>
> Subject: [wicked] Re: [dev] wicked permissions, attempt #2
> To: Ben Chavet <ben at chavet.net>
> Cc: wicked at lists.horde.org
> Message-ID: <20041203151640.GB1012 at cronosys.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Dec 02, 2004 at 11:35:50PM -0600, Ben Chavet wrote:
> > >I wasn't real sure about this part either. I can see benefits to either
> > >way,
> > >but I think I agree now that they should be in pages:, if for no other
> > >reason
> > >than to keep listPages() as simple as possible.
> >
> > Here is a patch to api.php to show the "special pages" in the permission UI.
> >
> > --Ben
>
> Would you be willing, instead, to change getPages() to return the names of
> special pages by checking the contents of lib/Page/*.php and filtering out
> 'StandardPage'? This would meet my need for simplicity, and it would
> also solve the "special pages look deleted" issue. If not, I'll commit this
> and a note in TODO.
>
> Thanks!
>
> > ? wicked.patch
> > Index: lib/api.php
> > ===================================================================
> > RCS file: /repository/wicked/lib/api.php,v
> > retrieving revision 1.10
> > diff -u -r1.10 api.php
> > --- lib/api.php 31 May 2004 18:22:51 -0000 1.10
> > +++ lib/api.php 3 Dec 2004 05:33:32 -0000
> > @@ -29,6 +29,27 @@
> > $perms['tree']['wicked']['pages'] = array();
> > $perms['title']['wicked:pages'] = _("Pages");
> >
> > + $perms['tree']['wicked']['pages'] = array();
> > + $perms['title']['wicked:pages'] = _("Pages");
> > +
> > + $perms['tree']['wicked']['pages']['AllPages'] = false;
> > + $perms['title']['wicked:pages:AllPages'] = 'AllPages';
> > +
> > + $perms['tree']['wicked']['pages']['LeastPopular'] = false;
> > + $perms['title']['wicked:pages:LeastPopular'] = 'LeastPopular';
> > +
> > + $perms['tree']['wicked']['pages']['MostPopular'] = false;
> > + $perms['title']['wicked:pages:MostPopular'] = 'MostPopular';
> > +
> > + $perms['tree']['wicked']['pages']['PageSearch'] = false;
> > + $perms['title']['wicked:pages:PageSearch'] = 'PageSearch';
> > +
> > + $perms['tree']['wicked']['pages']['RecentChanges'] = false;
> > + $perms['title']['wicked:pages:RecentChanges'] = 'RecentChanges';
> > +
> > + $perms['tree']['wicked']['pages']['TitleSearch'] = false;
> > + $perms['title']['wicked:pages:TitleSearch'] = 'TitleSearch';
> > +
> > foreach ($wicked->getPages() as $pageName) {
> > $perms['tree']['wicked']['pages'][$pageName] = false;
> > $perms['title']['wicked:pages:' . $pageName] = $pageName;
>
> --
> Jason M. Felice
> Cronosys, LLC <http://www.cronosys.com/>
> 216.221.4600 x302
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 3 Dec 2004 09:26:27 -0600
> From: Ben Chavet <ben at chavet.net>
> Subject: [wicked] Re: [dev] wicked permissions, attempt #2
> To: wicked at lists.horde.org
> Message-ID: <20041203092627.htunmn59oeuoowgw at calmit.unl.edu>
> Content-Type: text/plain; charset=ISO-8859-1; format="flowed"
>
> I can certainly do that.
>
> --Ben
>
> Quoting "Jason M. Felice" <jfelice at cronosys.com>:
>
> > On Thu, Dec 02, 2004 at 11:35:50PM -0600, Ben Chavet wrote:
> >> >I wasn't real sure about this part either. I can see benefits to either
> >> >way,
> >> >but I think I agree now that they should be in pages:, if for no other
> >> >reason
> >> >than to keep listPages() as simple as possible.
> >>
> >> Here is a patch to api.php to show the "special pages" in the permission UI.
> >>
> >> --Ben
> >
> > Would you be willing, instead, to change getPages() to return the names of
> > special pages by checking the contents of lib/Page/*.php and filtering out
> > 'StandardPage'? This would meet my need for simplicity, and it would
> > also solve the "special pages look deleted" issue. If not, I'll commit this
> > and a note in TODO.
> >
> > Thanks!
> >
> >> ? wicked.patch
> >> Index: lib/api.php
> >> ===================================================================
> >> RCS file: /repository/wicked/lib/api.php,v
> >> retrieving revision 1.10
> >> diff -u -r1.10 api.php
> >> --- lib/api.php 31 May 2004 18:22:51 -0000 1.10
> >> +++ lib/api.php 3 Dec 2004 05:33:32 -0000
> >> @@ -29,6 +29,27 @@
> >> $perms['tree']['wicked']['pages'] = array();
> >> $perms['title']['wicked:pages'] = _("Pages");
> >>
> >> + $perms['tree']['wicked']['pages'] = array();
> >> + $perms['title']['wicked:pages'] = _("Pages");
> >> +
> >> + $perms['tree']['wicked']['pages']['AllPages'] = false;
> >> + $perms['title']['wicked:pages:AllPages'] = 'AllPages';
> >> +
> >> + $perms['tree']['wicked']['pages']['LeastPopular'] = false;
> >> + $perms['title']['wicked:pages:LeastPopular'] = 'LeastPopular';
> >> +
> >> + $perms['tree']['wicked']['pages']['MostPopular'] = false;
> >> + $perms['title']['wicked:pages:MostPopular'] = 'MostPopular';
> >> +
> >> + $perms['tree']['wicked']['pages']['PageSearch'] = false;
> >> + $perms['title']['wicked:pages:PageSearch'] = 'PageSearch';
> >> +
> >> + $perms['tree']['wicked']['pages']['RecentChanges'] = false;
> >> + $perms['title']['wicked:pages:RecentChanges'] = 'RecentChanges';
> >> +
> >> + $perms['tree']['wicked']['pages']['TitleSearch'] = false;
> >> + $perms['title']['wicked:pages:TitleSearch'] = 'TitleSearch';
> >> +
> >> foreach ($wicked->getPages() as $pageName) {
> >> $perms['tree']['wicked']['pages'][$pageName] = false;
> >> $perms['title']['wicked:pages:' . $pageName] = $pageName;
> >
> > --
> > Jason M. Felice
> > Cronosys, LLC <http://www.cronosys.com/>
> > 216.221.4600 x302
> >
>
>
>
>
> ------------------------------
More information about the wicked
mailing list