Re: Editing extension configuration from the wiki

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Editing extension configuration from the wiki

Jan Steinman-2
> From: Sigbert Klinke <[hidden email]>
>
> for my Extension Iframe I have for security reasons a key parameter…
>
> Is there a way how I can easily allow to edit the key list from the
> wiki, e.g. for all users with admin rights?

I don't know about "easily," but if you know some PHP, it shouldn't be too hard to make a special-purpose extension to do so, assuming the keys are stored in a global variable.

I'd start by looking at existing extensions that do something similar to what you want to do, then modifying a copy.

But in looking at your example, I don't really understand what security you are gaining by doing this. Surely, someone can guess the scheme and type URLs to the browser, no? Or am I missing something about this security scheme?

Jan


_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Editing extension configuration from the wiki

Robert Vogel
Hi!

A common approach to this is to use the MediaWiki I18N system. You
could define a message key (e.g. "my-iframe-whitelist").

On the Wiki users with the "edit-interface" permission (usually admins)
can then edit the page "MediaWiki:My-iframe-whitelist" and add list of
keys in form of wikitext.

In you extension code you can access this list by using `wfMessage('my-
iframe-whitelist')->plain()` and process it.

--
Robert Vogel

Am Freitag, den 05.04.2019, 05:18 -0700 schrieb Jan Steinman:

> >
> > From: Sigbert Klinke <[hidden email]>
> >
> > for my Extension Iframe I have for security reasons a key
> > parameter…
> >
> > Is there a way how I can easily allow to edit the key list from
> > the 
> > wiki, e.g. for all users with admin rights?
> I don't know about "easily," but if you know some PHP, it shouldn't
> be too hard to make a special-purpose extension to do so, assuming
> the keys are stored in a global variable.
>
> I'd start by looking at existing extensions that do something similar
> to what you want to do, then modifying a copy.
>
> But in looking at your example, I don't really understand what
> security you are gaining by doing this. Surely, someone can guess the
> scheme and type URLs to the browser, no? Or am I missing something
> about this security scheme?
>
> Jan
>
>
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l