Well I did take my passwords out of webroot. https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL_Passwords_Out_Of_Webroot
On Sat, Jul 1, 2017 at 6:18 PM, John <[email protected]> wrote:

> Yes, making localsettings.php world readable/editable is a huge security
> issue.
>
> On Sat, Jul 1, 2017 at 6:16 PM, Jean Valjean <[email protected]> wrote:
>
> > I want to let some of my administrators (in the wizards group) edit
> > LocalSettings.php, so I used this snippet, which allows them to make
> > changes by editing the Project:Shared_config.php page. Then I protected the
> > page so that only wizards can edit it. Do you think this presents any
> > security issues?
> >
> > (I was also going to have it save the old version to a bak file, but I had
> > to comment that code out because I was getting a call to a function on a
> > non-object error, for some reason)
> >
> > function editLocalSettingsOnPageContentSaveComplete( $article, $user,
> >     $content, $summary, $isMinor, $isWatch, $section, $flags,
> >     $revision, $status, $baseRevId ) {
> >     if ( $article->getTitle()->getFullText() !== 'Project:Shared config.php' ) {
> >         return true;
> >     }
> >     # $oldRevision = Revision::newFromId( $baseRevId );
> >     # $oldRevisionContent = $oldRevision->getContent( Revision::RAW );
> >     # $oldRevisionContents = ContentHandler::getContentText( $oldRevisionContent );
> >     # $oldRevisionContents = str_replace( '<source lang="php"' . ">\n", '', $oldRevisionContents );
> >     # $oldRevisionContents = str_replace( '</source' . '>', '', $oldRevisionContents );
> >     # file_put_contents ( '/home/wiki/shared_config.bak', $oldRevisionContents );
> >     $contents = ContentHandler::getContentText( $content );
> >     $contents = str_replace( '<source lang="php"' . ">\n", '', $contents );
> >     $contents = str_replace( '</source' . '>', '', $contents );
> >     file_put_contents ( '/home/wiki/shared_config.php', $contents );
> >     return true;
> > }
> > $wgHooks['PageContentSaveComplete'][] = 'editLocalSettingsOnPageContentSaveComplete';
> >
> > # add an additional protection level restricting edit/move/etc. to users
> > # with the "wizards" permission
> > $wgRestrictionLevels[] = 'wizards';
> > # give the "wizards" permission to users in the "wizard" group
> > $wgGroupPermissions['developer']['wizards'] = true;
> > _______________________________________________
> > MediaWiki-l mailing list
> > To unsubscribe, go to:
> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
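
A lower-risk shape for the same idea, as an added example that is not code from this thread or from MediaWiki: the wiki page holds JSON instead of PHP, and only allow-listed settings of the expected type are accepted. The function name, the constant and the choice of allowed settings are assumptions.

```php
<?php
// Added example, not code from the thread. Settings a wizard may change,
// each mapped to a type check. The choice of keys is an assumption.
const SHARED_CONFIG_ALLOWED = [
    'wgSitename'      => 'is_string',
    'wgEnableUploads' => 'is_bool',
    'wgDefaultSkin'   => 'is_string',
];

/**
 * Parse page text as JSON and return only allow-listed, type-checked settings.
 * The text is never evaluated as PHP; one bad entry rejects the whole page.
 */
function parseSharedConfig( string $pageText ): array {
    $data = json_decode( $pageText, true );
    if ( !is_array( $data ) ) {
        throw new InvalidArgumentException( 'shared config is not a JSON object' );
    }
    $settings = [];
    foreach ( $data as $key => $value ) {
        if ( !array_key_exists( $key, SHARED_CONFIG_ALLOWED ) ) {
            throw new InvalidArgumentException( "setting not allowed: $key" );
        }
        $check = SHARED_CONFIG_ALLOWED[$key];
        if ( !$check( $value ) ) {
            throw new InvalidArgumentException( "wrong type for: $key" );
        }
        $settings[$key] = $value;
    }
    return $settings;
}

// Constructed sample page texts: valid JSON, a setting outside the
// allow-list, and raw PHP of the kind the original hook wrote to disk.
$samples = [
    '{"wgSitename": "Example Wiki", "wgEnableUploads": false}',
    '{"wgSitename": "x", "wgGroupPermissions": {"*": {"edit": true}}}',
    '$wgSitename = "x";',
];
foreach ( $samples as $text ) {
    try {
        foreach ( parseSharedConfig( $text ) as $name => $value ) {
            $GLOBALS[$name] = $value; // the step LocalSettings.php would perform
        }
        echo "applied: $text\n";
    } catch ( InvalidArgumentException $e ) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

In the hook, the validated array would be written with json_encode() to a data file and read back through the same function from LocalSettings.php, so no file produced by a wiki edit is ever included as code.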
