Extension:NSFileRepo
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked.
For further details, see Security issues with authorisation extensions |
 Release status: stable |
|
|---|---|
| Implementation | User rights |
| Description | Implements per-namespace group permissions for image and file rights protection |
| Author(s) | Jack D. Pond, Robert Vogel |
| Maintainer(s) | Robert Vogel (Hallo Welt! GmbH) |
| Latest version | 1.35.0 |
| MediaWiki | 1.27, 1.35 |
| License | GNU General Public License 2.0 or later |
| Download | |
|
|
| Quarterly downloads | 5 (Ranked 127th) |
| Translate the NSFileRepo extension if it is available at translatewiki.net | |
| Issues | Open tasks · Report a bug |
The NSFileRepo extension restricts access to upload and read files and images to a given set of user groups associated with protected namespaces. Using this extension (within the security limitations noted above), you can protect not only pages and areas of your wiki, but also any uploaded images or files within those namespaces.
Namespaces are mechanism for grouping/separating wiki pages.
- See Help:Namespaces for more user help documentation on what they are and how they are used.
- See Manual:Namespace for system administration details on MediaWiki's namespace feature
- See Project:Namespaces for an explanation of how namespaces are used on mediawiki.org
Usage
Generically, you use the same syntax as a normal file reference link, adding the namespace between the file specifier ("File", "Image" or "Media") and the file name:
[[{FILE_NS}:{Namespace}:{Filename}]]
Example (where Private is the protected namespace and Filename.jpg is the file to which you wish to limit access):
[[File:Private:Filename.jpg]]
The standard for accessing files is generally:
[[File:Filename.jpg]] [[Image:Filename.jpg]] [[Media:Filename.jpg]]
This extension allows you to protect access to files by adding the namespace text identifier after the file namespace identifier, for example (where Private is the protected namespace and Filename.jpg is the file to which you wish to limit access):
[[File:Private:Filename.jpg]] [[Image:Private:Filename.jpg]] [[Media:Private:Filename.jpg]]
It may be helpful to understand the default security model used by MediaWiki using the instructions below:
Limitations of security are the same as for Extension:Lockdown. To review these limitations, see here.
To use the full capabilities of this extension (for example, specific namespace protections) you will need to install and use the namespace protections provided through Extension:Lockdown.
This extension was made possible by the introduction of Repository Classes by Tim Starling - an elegant and brilliant implementation. It uses a new Local Repository class mechanism. Technical details on how this extension works can be found here.
Installation
- Download and move the extracted
NSFileRepofolder to yourextensions/directory.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/NSFileRepo - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'NSFileRepo' );
- Activate the Image authorization according to instructions found in Image authorization
- Configure at your convenience
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
When working with REL1_27 and later, you will need to create a symlink of nsfr_img_auth.php within your mediawiki installation directory
On Linux use
ln -s extensions/NSFileRepo/nsfr_img_auth.php
On Windows use
mklink nsfr_img_auth.php extensions\NSFileRepo\nsfr_img_auth.php
Also make sure to set a proper value for $wgUploadPath. E.G.:
$wgUploadPath = "$wgScriptPath/nsfr_img_auth.php";
Configuration
The user rights and configuration requiremements are are the same as described in Extension Lockdown.
Troubleshooting IIS / UTF-8 encoding
In some unspecified constellations you will have problems by opening files with special characters using nsfr_img_auth.php. The problem was seen by using Windows Server 2012 R2 with IIS 8.5 and PHP 7.2.14. It seems to be a problem with UTF-8 encoding.
You can use this hook as workaround to solve this:
$wgHooks['ImgAuthBeforeCheckFileExists'][] = function( &$path, &$name, &$filename ) {
$path = utf8_encode( $path );
$name = utf8_encode( $name );
$filename = utf8_encode( $filename );
return true;
};
Just put it in the LocalSettings.php and the problem should be solved.
Release notes
| Release | Changes |
|---|---|
| 1.27.0 | This major update includes changes for compatibility to MediaWiki REL1_27
|
| 1.7 | This major update includes a refactoring of the code and is the base for further development, such as a Special:Upload integration. |
| 1.6 | This major version updated the I18n to json-files. |
| 1.5 | This is a major update to incorporate several evolved changes to the core FileRepo modules into the extension and to bring the extension up to current coding and core standards. Specifically:
Should be backward compatible, but only tested with HEAD, 1.19 and 1.20 Release 1.5 is available through gerrit and is tagged as NSFileRepoREL1_05 |
| 1.4 |
|
| 1.3 | Allow files with namespace protection (e.g. File:ns:yourfile.txt) to be whitelisted using standard $wgWhitelistRead in localsettings. |
| 1.2 |
|
| 1.1 |
|
External links
- Extension reference: NSFileRepo
| This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm. |