Page MenuHomeMiraheze
Create Task
Maniphest T7216

Private configs are also exposed by DataDump
Closed, ResolvedPublic
Actions

Description

Kind of a follow up to T7213, but users with the generate-dump and view-dump permissions (by default these are given to Administrators) have the ability to dump all ManageWiki configuration, which includes private options. I've confirmed this on testwiki.

I recommend either reimplementing these private configuration options so that they have their own special page, or limiting managewiki backups to only be accessible to users with the managewiki right.

Related Objects

Event Timeline

Void created this task.Apr 28 2021, 23:48
Herald added subscribers: RhinosF1, Reception123. · View Herald TranscriptApr 28 2021, 23:48
Reception123 added a comment.EditedApr 29 2021, 08:36

Any objections to adding Universal Omega to this task? As he did resolve the other one, so he might be able to find a fix relatively quickly for this as well.

RhinosF1 added a comment.Apr 29 2021, 09:01

No

Reception123 added a subscriber: Universal_Omega.Apr 29 2021, 10:21
Reception123 added projects: DataDump, MediaWiki (SRE).Apr 29 2021, 13:15
John removed a project: DataDump.Apr 29 2021, 13:19
Reception123 closed this task as Resolved.Apr 29 2021, 20:28
Reception123 claimed this task.
Reception123 changed the edit policy from "Custom Policy" to "All Users".
Reception123 changed the visibility from "Custom Policy" to "Public (No Login Required)".
Herald added a subscriber: Joritochip. · View Herald TranscriptApr 29 2021, 20:29
Reception123 reassigned this task from Reception123 to Paladox.Apr 29 2021, 20:29
Dmehus added a subscriber: Dmehus.Apr 29 2021, 20:29