Release status: stable
|Description||Restriction that allows only privileged users to create userpages for non-existent users.|
|MediaWiki||1.6 to 1.11, 1.12a(>=r26568) (See warning), 1.13+|
|Check usage and version matrix|
This extension implements a restriction that allows only privileged users to create userpages for non-existent users. With this extension installed, new page creation at the root level of the User: namespace is blocked unless the creator's username is the same as the desired page name or the user has been assigned the createbogususerpage right (see user rights below for how to do that). Without this extension, anyone with the right to create pages in the user namespace can create bogus pages for users who do not exist on the wiki.
- Download a snapshot. Choose the version that matches your version of MediaWiki. Create a directory
$IP/extensionsdirectory. Extract the files to this
- Add to the bottom of LocalSettings.php.require_once( "$IP/extensions/NoBogusUserpages/NoBogusUserpages.php" );
- Installation can now be verified through Special:Version of your wiki.
User rights Edit
- Allows users to create bogus userpages. By default this is given just to sysops.
$wgGroupPermissions['*' ]['createbogususerpage'] = false; $wgGroupPermissions['sysop']['createbogususerpage'] = true;
Alpha Warning Edit
We use version testing to tell us if we are inside of MediaWiki 1.12a or are in a version previous to 1.12. Unfortunately, this does not tell us if the wiki is running the alpha revision which has the new hook. And because of this, if you are running MediaWiki 1.12a, but you are running a version before r26568, this extension could actually be a security flaw. Meaning, it is possible that in MediaWiki 1.12a, before r26568 the extension will allow any user to create a userpage for a bogus user, even if you disallow page creation for them in general. (So even an anon who is not allowed to create any pages, but can edit, will be able to create bogus userpages as a result of this)
If you are running MediaWiki 1.12, please upgrade to r26568 or newer, apply r26568 as a patch to your code. Or hack the extension to only use the 'userCan' and false values in the code.