Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#552 Hiding sensitive information

open
nobody
None
5
2004-06-30
2004-06-30
LqqkOut
No

I'm working on a documentation project that is meant to
provide a public information store while at the same time
presenting users with a higher access level additional,
less-public, data.

For example: A wiki that stores information about your
network infrastructure. The public data would consist of
server pictures, bliking lights, some flow diagrams, links
to manufacturer websites, and so on. Admin users who
view the page would also have the option of viewing the
config file backup and access passwords for the device
being described.

My first attempt at limiting information access was
based on the CSS div tag suggestion on the metawiki:
http://meta.wikipedia.org/wiki/Offensive_content
This works well for casual information hiding (which is
preserved through transcludes), but the content still
appears in the page source and edit pages.

My current method hijacks the Talk: namespace and
restricts access to Sysop users; it relies on a few well-
placed lines of code that do the following:
1. limit access to the Talk: namespace to administrative
users (based on the user->isSysop() method)

Add the following code to index.php after the
require_once lines that include the localsettings.php file

# Restrict viewing/editing of Talk: namespace articles
if ( !$wgUser->isSysop() && ((preg_match
("/^\/wiki\/index.php\/Talk\:/",$_SERVER['PHP_SELF']))
|| (array_key_exists("title",$_GET) && preg_match
("/^Talk:/",$_GET['title'])))){
header("Location:
http://jhouston/wiki/index.php/NoTalking");
exit;
}

2. strip all transcludes to the Talk: namespace

Add the following text to EditPage.php in function
editForm before the "save" action

# Strip {{Talk:}} transcludes
$this->textbox1=eregi_replace("{{talk:.*}}","",$this-
>textbox1);

Finally, another suggested implementation is to include
syntax for personal notes that are only accessible by
the currently logged in user, that way a user can easily
add personally relevant information to an article without
cluttering the original text. This could be accomplished
with a usernotes table in the wiki database, or with
some creative article text filtering/juggling.

Discussion

  • LqqkOut
    LqqkOut
    2004-06-30

    Logged In: YES
    user_id=1074400

    I forgot to add, another way to accomplish this goal could be
    interwiki transcludes - that way, the restricted access wiki
    articles could transclude in the information from the public
    wiki.

    Thanks for listening!