Open main menu

Extension talk:ProtectSource


To protect all pagesEdit

If you want to protect all pages, not only protect protected pages, you can comment Line 62~64 in ProtectSource.php. But it will cause Anonymous reading error in MediaWiki:Common.css, so CSS of skins cannot shows correctly. Therefore, the Namespace of MediaWiki cannot be protected by this extension.

My modify is to protect all pages except Namespace of MediaWiki, as following.

Modify In ProtectSource.phpEdit

find code:

function ProtectSource( $output, $article, $title, $user, $request, $wiki ) {

    global $wgProtectSourceUserRight;

change to:

$wgUnprotectSourceNamespace = array();

function ProtectSource( $output, $article, $title, $user, $request, $wiki ) {

    global $wgProtectSourceUserRight;
    global $wgUnprotectSourceNamespace;

find code:

	// only block source of protected pages
	if(!$title->isProtected('edit') ) {
		return true;

change to:

	// only block source of protected pages
//	if(!$title->isProtected('edit') ) {
//		return true;
//	}

//You can customize the unprotect source Namespace by using $wgUnprotectSourceNamespace in LocalSettings.php. Example:
//	$wgUnprotectSourceNamespace[] = NS_MEDIAWIKI ;
	$ns = $title->getNamespace();
	if (in_array($ns, $wgUnprotectSourceNamespace)){
		return true;

Customize in LocalSettings.phpEdit

If you want editor can see source and anonymous dosenot, for example:

require_once( "$IP/extensions/ProtectSource/ProtectSource.php" );
$wgProtectSourceUserRight = 'edit';
$wgUnprotectSourceNamespace[] = NS_MEDIAWIKI ;

Chienwen 04:15, 2 September 2009 (UTC)


Even with this fix, there seem to be problems reading the common.js file (even though it is in the MediaWiki namespace). In particular, the hide/show feature of NavFrame is disabled. Using the original extension code, this does not happen (even on protected pages). Any ideas?

Then don't use it? What's the use in protecting ALL pages anyway? --Subfader 15:49, 13 May 2010 (UTC)
I am hiding part of the page from anonymous users (with the PrivateBlocks extension) and thus don't want them seeing the source. Eventually most pages will have this, so I don't want to have to manually set a page as protected. Plus, the pages shouldn't really be protected, since any registered users should be able to edit. --Oscarlevin 16:21, 13 May 2010 (UTC)
Although I'm still curious why common.js is not read correctly, I found a workaround for my problem: instead of checking whether the page is unprotected, I check whether the page contains either of two key words (that are on every page on which I want to protect the source -- I don't care if some other pages get included accidentally). If the page does not contain those words, I return "true." This had the desired effect. -- Oscarlevin 20:20, 13 May 2010 (UTC)

Stopping Special:Export from being usedEdit

Hi, is might not be the right place to ask this. How do I block a distinct special page, e.g. Special:Export from being used? I would like to give this extension a try, but currently I do not know how. Is there a user right called "export"? I also found the information that protected pages cannot be exported here. Wouldn't this mean that you do not have to stop this page from being used since it will not export the pages anyway? Hmm ... Cheers --[[kgh]] 22:09, 12 August 2011 (UTC)

Interesting, I never tried this since i think disabling the export function for all pages as more useful solution for my wiki. If so, you wouldn't need to disable Special:Export.
To disable it nontheless, edit includes/SpecialPage.php and comment out the inclusion:
# disabled 'Export' => 'SpecialExport',
To be sure it doesn't work you can delete includes/specials/SpecialExport.php.
It doesn't look like there's a user right 'export'. --Subfader 17:37, 14 August 2011 (UTC)
Heiya Subfader,
thank you for your reply. Your tip may also be applicable to all sort of Special pages. Hmm ... this is very interesting to know. How would you disable the export function for all pages? This may not be an option on my wiki, still it would be nice to know too ...
I was thinking again about this user right 'export'. I think the reason why it is not there in contrast to 'import' is that this would substantially interfere with the philosophy of free knowledge that ought to flow.
Cheers --[[kgh]] 21:27, 14 August 2011 (UTC)

1.27 works, but....Edit

Hi I've just added the extension to a new 1.27 install and it does still block access to the source, but instead of a helpful message it now shows a HTTP 500 Internal Error Message.

Christharp (talk) 19:41, 14 October 2016 (UTC)

Update: inside ProtectSource.php change line 108 & line 110 from referencing wfMsg to wfMessage and the above problem I wrote about is fixed.

Christharp (talk) 23:58, 16 October 2016 (UTC)

Wrong Error MessageEdit

Priority:Logged in members of a custom-added user-group, without edit rights to the page, can still view source.

Seems to work on 1.30, for non-logged-in users, but the block message is not

"Sorry, this is a protected page. You do not have the proper permissions to view the source."

Non-logged in users get:

[WyrzkscPpcvIqTU4bl6icQAAA9g] 2018-06-21 00:38:42: Fatal exception of type "Error"

Johnywhy (talk) 00:40, 21 June 2018 (UTC)

Return to "ProtectSource" page.