Project:Support desk

About this board

Welcome to MediaWiki.org's Support desk, where you can ask MediaWiki questions!

There are also other places where to ask :

Before you post

Post a new question

  1. To help us answer your questions, please always indicate which versions you are using (reported by your wiki's Special:Version page):
    • MediaWiki
    • PHP
    • Database
  2. Please include the URL of your wiki unless you absolutely can't. It's often a lot easier for us to identify the source of the problem if we can look for ourselves.
  3. To start a new thread, click "Start a new topic".
Previous page history was archived for backup purposes at Project:Support_desk/old on 2015-07-30.
Other languages: English  العربية čeština Esperanto français 日本語 中文

"String Functions" do not exist?

3
AngeCI (talkcontribs)
Ciencia Al Poder (talkcontribs)
AngeCI (talkcontribs)

Though I'm not working on WMF wikis, my wiki currently seems to support Lua. However, I usually avoid using it because I don't know when this functionality would be removed (since this did happen on other extensions, there's basically no way to have an effective communication between active users and the site administrator, and the site administrator is always randomly adding or removing extension) and there's no other Lua stuffs existing on my wiki currently.

Reply to ""String Functions" do not exist?"
Lizat17 (talkcontribs)

I have installed Visual Editor and Html2Wiki extensions on my wiki. I was haveing difficulty getting both running and got a Curl 7 error. I suspected that it may be configuration on my shared hosting so I asked them and they have responded as follows:


'Please note that the mentioned Node.Js engine is not available on any of our hosting plans. This being said, I am afraid to inform you that running the mentioned extension called Parsoid would not be possible on our shared or Cloud hosting platforms.'


My research found that VE had been converted to php, is that true? and the Parsoid page on MediaWiki says this ' In 2019, Parsoid was ported to PHP, and the PHP version replaced the JS version on the Wikimedia cluster in Dec. 2019. '


So it sound like it shouldn't need Node.Js?


Can anyone advise please?

Reply to "Parsiod & Node.js"

[Solved] Forbidden You don't have permission to access /index.php - Ask your provider to disable Mod_security

31
Rainerhamm (talkcontribs)

Hello!

I hope anybody can help me. I am running Mediawiki 1.28.2 with PHP 5.6 on www.kempedia.de.

Yesterday I recognized, that I get an error when I want to preview or save a page that contains a colon at the begin of a line to produce an indentation.

The error is

Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

And the administration-panel shows the error

Cannot allocate memory (client: 78.46.16.76:xxxxx) Couldn't create child process opt/suphp/sbin/suphp for home/web1807/public_html/api.php

After searchin in the www I thought it is something regarding mod_security(what is that?) or anything else regarding apache. But the technical support said that it comes from the actual version of mediawiki. "In der aktuellen Version vom Wiki werden Sonderzeichen transformiert übersendet, was bei bestimmten Sonderzeichenkombinationen einen 404 Fehler im Browser verursacht". In English: In the actual version ... special characters are sent after transformation. That causes with special character combination a 404-error in the browser"

Can you confirm it? What can I do that my wiki runs like before?

Thanks and best regards

Rainer Hamm

24.39.1.139 (talkcontribs)

Chmod index.php to 755.

24.39.1.139 (talkcontribs)

Generally al, the MediaWiki files should be readable, writable, and exicutable by the user readable, and executable, by the group and readable, and exicutable by the world. Chmod equivalent is 755.

24.39.1.139 (talkcontribs)

As for the memory error, try increasing the memory limit in php.ini

Rainerhamm (talkcontribs)

Thank you!

index.php was on 754, and it worked in normal use.

Now I changed it ro 755. But that didn't change anything.

The error still appears.

I already had set the memory limit from 128 to 512M. No success.

Any other idea?

24.39.1.139 (talkcontribs)

What version of MediaWiki are you using?

Rainerhamm (talkcontribs)

Version 1.28.2

24.39.1.139 (talkcontribs)

Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule set

24.39.1.139 (talkcontribs)

Add the following to a file called .htaccess in the domains root directory.

<IfModule mod_security.c>

SecFilterEngine Off

SecFilterScanPOST Off

</IfModule>

Rainerhamm (talkcontribs)

OK. But that seems not to be the reason. I askes the technical support of my provider.

I think with mod_security for example words like Casino or Poker are forbidden. But I can write Casino into the script, and the preview works. If I set a colon at the begin of the line, I get the error message.

24.39.1.139 (talkcontribs)

That will disable mod_security

24.39.1.139 (talkcontribs)

Could you provide a link to your wiki.

Rainerhamm (talkcontribs)

.htaccess changed. No effect.

I tried a similar entry already yesterday after reading half of the net. :-)

Rainerhamm (talkcontribs)
Rainerhamm (talkcontribs)

Then I will search for a simple test.

24.39.1.139 (talkcontribs)

I can load your wiki just fine.

Rainerhamm (talkcontribs)

Please login with user "mediawiki" and the password "support".

Then open any page, for example "Burgwall" in the middle of the page (a street in our town) and add a line

": Test" Normally that would create an indentation

Then make a preview and you get the message.

Try the same without the line and it works.

Rainerhamm (talkcontribs)

Are you MacFan4000. How have you done it.

Normally you must answer a question regarding our city to create a new account.

You shouldn't know the answer. ??? Or do you have special possibilities? :-)

24.39.1.139 (talkcontribs)

I am MacFan4000, no In did get a 403 when trying to do that. I simply googled for translations and questions

Rainerhamm (talkcontribs)

I have seen: You changed "Umstraße 22". This is a small page and a good object to test as well.

Rainerhamm (talkcontribs)

Have you tried to add a line with a colon and save or preview?

24.39.1.139 (talkcontribs)
TheDJ (talkcontribs)
Rainerhamm (talkcontribs)

And have you got the error as well?

What shall I search in Errors ans symtoms.

It's a hard work for a non-specialist in IT and Mediawiki and a German with a bad English. :-)

Rainerhamm (talkcontribs)

But the colon is not in the URL. It is in the text at the begin of a line.

I can try to read it in English. But I don't know whether I will find a solution there.

Rainerhamm (talkcontribs)

A colon in the URL doesn't make a problem.

For example "index.php?title=Spezial:Spezialseiten" works with a colon. No problem.

Rainerhamm (talkcontribs)

Hello! Are you still busy with that issue?

It is not solved. Or do you think so?

Rainerhamm (talkcontribs)

However - from today the mistake doesn't appear anymore. I don't know what is changed.

I changed nothing - not in the wiki- and not in any other configuration.

????????????????????

Moscowdreams (talkcontribs)

Full message I received future for internet searches:


Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Moscowdreams (talkcontribs)

Change Mod_security with the administrator

Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule set

Question about listing the proper copyright

4
Guy Macon (talkcontribs)

I am not very familiar with how copyrights are documented here.

The file

File:VLC 3.0.9 on Fedora Linux 31 and GNOME Shell 3.34 -- playing Spring, a short film by Blender Foundation.png

Looks like it is claiming that it is a screenshot from free and open source software (which VLC is) but does not appear to mention the copyright status of the Spring film itself.

Spring is under a Creative Commons Attribution 4.0 International license (CC BY 4.0). See

https://www.blender.org/press/spring-open-movie/

https://cloud.blender.org/p/spring/about

Should we somehow indicate the copyright status of the movie the screenshot is from as well as the copyright status of the software that the screenshot was taken from?

DSquirrelGM (talkcontribs)

Both should be mentioned, if it's intended to be associated with both. Having separate sections for each - let's call it, component - of the screenshot with license info seems to be the best course of action.

Bawolff (talkcontribs)

honestly, i would much prefer these types of files be at commons. Local uploads are a it of a mess.

Guy Macon (talkcontribs)

Can someone please make the proper copyright notices happen? I don't know how. --Guy Macon (talk) 10:42, 26 February 2020 (UTC)

Reply to "Question about listing the proper copyright"

Email address during registration

2
Fokebox (talkcontribs)

Hello,

How to make it obligatory to indicate email address during registration?

Ciencia Al Poder (talkcontribs)
Reply to "Email address during registration"

Error Style not displaying after removing index.php

6
SamiWey (talkcontribs)

mediawiki 1.34

.htaccess

RewriteEngine On
RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]

localsettings.php

 ## The URL base path to the directory containing the wiki;
 ##  defaults for all runtime URL paths are based off of this.
 ##  For more information on customizing the URLs please see: 

 ##  http://www.mediawiki.org/wiki/Manual:Short_URL  

 $wgScriptPath = ""; 

 $wgScriptExtension = ".php"; 

 $wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
Malyacko (talkcontribs)

@SamiWey You posted stuff from files but did not explain what the problem is. Or if you have some question. Or where to see a problem.

Ciencia Al Poder (talkcontribs)

$wgScriptPath probably needs to be "/" instead of "" Nope, empty string is fine for this setting.

The configuration looks fine.

Hit the F12 key, select the network tab, and reload the page. Look at requests to the load.php URL and see if some of them return 5XX or 4XX status codes, open them and see if there's any error there.

SamiWey (talkcontribs)
SamiWey (talkcontribs)

this appears in console

  1. Refused to apply style from 'https://www.wiki.org/wiki/public_html/load.php?lang=es&modules=mediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cskins.vector.styles&only=styles&skin=vector' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
  2. Página_principal:12 GET https://www.wiki.org/wiki/public_html/load.php?lang=es&modules=startup&only=scripts&raw=1&skin=vector net::ERR_ABORTED 404
Ciencia Al Poder (talkcontribs)

Is your wiki accessible under the URL /wiki/public_html/ ?

Reply to "Error Style not displaying after removing index.php"

Issues on wiki farm with logging into wikis using a shared database

5
91.65.183.96 (talkcontribs)

After upgrading from 1.31 to 1.34 it is no longer possible to automatically log into sister wikis using user tables.

Error message when trying to log in: Auto-creation of a local account failed: Username entered already in use. Please choose a different name.

$wgSharedDB = 'mywiki';
$wgSharedPrefix = 'prefix_';
$wgSharedTables = [
	'user',
	'user_groups',
	'interwiki',
	'ipblocks'
];
$wgCookieDomain = '.example.org';
$wgMainCacheType = CACHE_NONE;
$wgSessionCacheType = CACHE_DB;

$wgGroupPermissions['*']['autocreateaccount'] = true; // I added this and truncated the object cache table afterwards. In 1.31 it worked without it.


I have no clue how to go about it. Setting $wgSessionCacheType or not does not make a difference. Hoping for advice.

91.65.183.96 (talkcontribs)

I cannot edit my previous post. The software appears to be broken. I wanted to write "After upgrading from 1.31 to 1.34 it is no longer possible to automatically log into sister wikis using a shared user table." instead of "After upgrading from 1.31 to 1.34 it is no longer possible to automatically log into sister wikis using user tables."

Spas.Z.Spasov (talkcontribs)

Hello, in order to edit your previous post you need to create and use an account.

Here is the relevant part of our wiki family CommonSettings.php, that works as it is expected with MW 1.33 and now with 1.34 - note you need to check the option 'Keep me logged in' on the page 'Special:UserLogin':

<?php
$wgMainCacheType = CACHE_ACCEL;
$wgMainStash = CACHE_ACCEL;
$wgSessionCacheType = CACHE_ACCEL;
$wgParserCacheType = CACHE_ACCEL;  // optional
$wgMessageCacheType = CACHE_ACCEL; // optional
$wgUseGzip = true;
$wgUseGzip = true;

wfLoadExtension( 'Interwiki' );
$wgEnableScaryTranscluding = true;
//$wgInterwikiViewOnly = true;
$wgGroupPermissions['sysop']['interwiki'] = true;
$wgInterwikiCentralDB = 'example_commons';
$wgInterwikiMagic = true;
$wgHideInterlanguageLinks = false;

$wgSharedDB = 'example_commons'; // wiki database holding the main user table
//$wgSharedPrefix = 'm_';        // Currently we do not use prefix!
$wgSharedTables[] = 'user';      // I think we do not need that table
$wgSharedTables[] = 'ipblocks';
$wgSharedTables[] = 'user_groups';
$wgSharedTables[] = 'interwiki';
$wgSharedTables[] = 'user_properties';

// Login in all wikis at once; our wikis:
//   bg.example.org, ru.example.org, en.example.org, commons.example.org
// Note you need to check the option 'Keep me logged in'
//   on the page 'Special:UserLogin'.
// After some change is made here, restart the web server
//   and completely flush the browser's cache
$wgCookieDomain = '.example.org';
//$wgCookieSecure = false;


91.65.183.96 (talkcontribs)

Thanks a lot for your reply. I am afraid that it did not help me. I still have the same issue. Moreover I have to do

$wgSessionCacheType = CACHE_DB;

because otherwise I cannot even log in to the main wiki. The other two differences between your setup and mine was setting

$wgMainStash = CACHE_ACCEL;

which I have done now and adding the 'user_properties' table to the array of shared tables. I conclude that MediaWiki is not up for the job in a stable manner which is a bit disappointing. Still wonder why it worked in MediaWiki 1.31

91.65.183.96 (talkcontribs)

Hmm, now that the users are on the wiki the login to all wikis work, at least for existing users. The question is wether this is only an issue for me and me and the clients I use to access the site or because I use a newly created account.

Reply to "Issues on wiki farm with logging into wikis using a shared database"

Upgraded to 1.29 - Fatal Exception

10
Grantkinkead (talkcontribs)

I have just upgraded from 1.28 to 1.29. When I attempt to open the main page I get the following error:

[056a2df837ca6662c8607fea] 2017-07-19 23:28:46: Fatal exception of type "Exception"

The number changes each time I refresh.

I have added:

error_reporting( E_ALL );

ini_set( 'display_errors', 1 ); to my Local settings, but receive no further information.

My PHP version is 7.0.18

Mysql version is 5.0.12

http://54.206.106.229/phpinfo.php

http://54.206.106.229/Wiki/index.php/Main_Page

I hope this is an easy one.

MacFan4000 (talkcontribs)

Did you run maintenance/update.php? If not than try running it.

Grantkinkead (talkcontribs)

That helped a lot and I managed to clean up a lot of stuff from a maps extension that was causing grief. However, now I have hit a bit of a wall. It appears that composer is not uploading a couple of files it could upload before the upgraded. The errors I am now getting are:

Warning: Class 'Wikimedia\Timestamp\TimestampException' not found in /var/www/html/Wiki/includes/compat/Timestamp.php on line 18

Warning: require(/var/www/html/Wiki/vendor/composer/../hamcrest/hamcrest-php/hamcrest/Hamcrest.php): failed to open stream: No such file or directory in /var/www/html/Wiki/vendor/composer/autoload_real.php on line 70

Fatal error: require(): Failed opening required '/var/www/html/Wiki/vendor/composer/../hamcrest/hamcrest-php/hamcrest/Hamcrest.php' (include_path='/var/www/html/Wiki/vendor/pear/pear_exception:/var/www/html/Wiki/vendor/pear/console_getopt:/var/www/html/Wiki/vendor/pear/mail_mime:/var/www/html/Wiki/vendor/pear/mail_mime-decode:/var/www/html/Wiki/vendor/pear/mail:/var/www/html/Wiki/vendor/pear/pear-core-minimal/src:/var/www/html/Wiki/vendor/pear/net_socket:/var/www/html/Wiki/vendor/pear/net_smtp:.:/usr/share/php') in /var/www/html/Wiki/vendor/composer/autoload_real.php on line 70

I have had a look in the composer.json file and it has the following:

"autoload": {

"psr-0": {

"ComposerHookHandler": "includes/composer"

},

"files": [

"includes/compat/Timestamp.php"

]

},

"autoload-dev": {

"files": [

"vendor/hamcrest/hamcrest-php/hamcrest/Hamcrest.php",

"vendor/wmde/hamcrest-html-matchers/src/functions.php"

]

},

I am not too sure where to go from here. Any suggestions would be greatly appreciated.

Grantkinkead (talkcontribs)

I have sorted out the Timestamp issue.

Reception123 (talkcontribs)

Was the composer.json file updating to match the REL1_29 file?

Revansx (talkcontribs)

I am experiencing a similar problem as well:

Warning: require(/opt/htdocs/mediawiki/vendor/composer/../symfony/var-dumper/Resources/functions/dump.php): failed to open stream: Permission denied in /opt/htdocs/mediawiki/vendor/composer/autoload_real.php on line 70

Fatal error: require(): Failed opening required '/opt/htdocs/mediawiki/vendor/composer/../symfony/var-dumper/Resources/functions/dump.php' (include_path='/opt/htdocs/mediawiki/vendor/pear/console_getopt:/opt/htdocs/mediawiki/vendor/pear/mail_mime:/opt/htdocs/mediawiki/vendor/pear/pear-core-minimal/src:/opt/htdocs/mediawiki/vendor/pear/pear_exception:.:/usr/share/pear:/usr/share/php') in /opt/htdocs/mediawiki/vendor/composer/autoload_real.php on line 70

any advice?

星耀晨曦 (talkcontribs)

Do you installed by tarball, or using Git?

Revansx (talkcontribs)

i have installed MW via Meza

星耀晨曦 (talkcontribs)

For the error message, your web server can't read opt/htdocs/mediawiki/vendor/composer/../symfony/var-dumper/Resources/functions/dump.php. Make sure your web server can read the MW code files.

202.89.106.200 (talkcontribs)

facing the same issue with 1.34.0 version

mediawiki\vendor\composer\autoload_real.php on line 61


any advice?

Reply to "Upgraded to 1.29 - Fatal Exception"
Keithsuen (talkcontribs)

Hi,

I am using Mediawiki version 1.33.0 with Visual Editor installed (hosted on CentOS 7). When i use some scanning tools to scan my site, the following issue pops out. May I ask if there is any way to handle it?  Thank you!


CGI abuses: CGI Generic Unseen Parameters Discovery TCP 80

Plugin Output:

Using the GET HTTP method, Nessus found that :

+ The following resources may be vulnerable to unseen parameters :

+ The 'debug' parameter of the /mw/load.php CGI :

/mw/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscr

ipt%257Cmediawiki.legacy.commonPrint%252Cshared%257Cmediawiki.skinning.i

nterface%257Cskins.vector.styles&only=styles&skin=vector&debug=1

-------- output --------

/*

Problematic modules: {"ext.visualEditor.desktopArticleTarget.noscript%7C

mediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cs

kins.vector.styles":"missing"}

*/

-------- vs --------

/*

Problematic modules: {

"ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.le [...]

}

------------------------

Synopsis:

A CGI application hosted on the remote web server is potentially prone to information disclosure or privilege escalation.

Description:

By sending requests with additional parameters such as 'admin', 'debug', or 'test' to CGI scripts hosted on the remote web server, Nessus was able to generate at least one significantly different response even though the parameters themselves do not actually appear in responses.

This behavior suggests that such a parameter, while unseen, are used by the affected application(s) and may enable an attacker to bypass authentication, read confidential data (like the source of the scripts), modify the behavior of the application(s) or conduct similar attacks to gain privileges.

Note that this script is experimental and may be prone to false positives.

Solution:

Inspect the reported CGIs and, if necessary, modify them so that security is not based on obscurity.

Bawolff (talkcontribs)

its not a real issue. The report is saying output is different depending on if you specify debug mode or not, which is expected. The reason its complaining is that if instead of debug, there was a parameter named BeAdmin that turned you into an admin, that would be a problem. However debug is safe so nothing to see here.

Automated scan tools often lean on the side of report everything possible no matter how far fetched. As a result they often have a high false positive rate, so you need to verify their findings are really true.

Reply to "Security issuse of MediaWiki"

create account using SQL query

2
Sskorkim (talkcontribs)

HI~

I want to create an account using a query (mysql).

But I don't know how to encrypt the password. Help me.



INSERT INTO user(

user_name,

user_password,

user_newpassword,

user_email,

user_touched,

user_email_token,

user_registration,

user_editcount) values (

'g',

???????????,

'',

'',

date_format(now(), '%Y%m%d%H%i%s'),

'',

date_format(now(), '%Y%m%d%H%i%s'),

0);

Bawolff (talkcontribs)

dont do this. For starters you will have referential integrity issues with actor table.

Use createAndPromote.php instead

Reply to "create account using SQL query"