I guess I could have spent a bit more time in my prior post and been more clear. MediaWiki is a platform designed to be as open as possible. Tools like this that attempt to hide or protect content are inherently ripe for problems.
Quote:
Originally Posted by Wayne Luke
1) You have a documentation Wiki and want to include additional information for staff members outside of the public eye.
|
...and one bad edit by a user and the private information is shared with everyone. If you allow all users to edit, someone will eventually foul it up. If you don't allow users to edit, why are you using a wiki? Also, see below for ways to get around the code parsing to show the entire page anyway.
Quote:
Originally Posted by Wayne Luke
2) You want to leave annotations within an article to the author of the page.
|
Isn't that what the discussion page is for?
Quote:
Originally Posted by Wayne Luke
3) You want to show different content based on usergroup. e.g. easily include advertising via a Wiki template for regular members and exclude it for paid members.
|
Again, see #1. If you want to include adverts in the wiki (and you are using vbpro as this tool requires) then just edit the vB templates instead to conditionally include them (or add the logic to the template php page).
Quote:
Originally Posted by Wayne Luke
I am sure there are a million and one things that could be done.
|
This enables strong functionality that is not normally given to regular users of a site. Furthermore, it is easily broken by a bad edit.
I did install the code on my running server and expected it to fail some simple 'hack' tests.
- I tried inclusion on pages with code, and the resulting pages also parsed the code. I halfway expected this test to fail, but it didn't. Result = Pass.
- I accessed the page using action=raw and I was able to see the raw code as well as all the content (including what should have been hidden from me). Result = Fail.
- I searched pages for code "condition" and other code samples that I knew to exist in my test pages in lots of different ways. I seriously expected this to fail, and still can't figure out how exactly it passes, but no matter what I tried, I could not successfully search for code. Result = Pass.
- I looked at the rss output of the pages including code and was able to see the fully generated page with all the code in the diffs. No matter how I tried to edit and cover my tracks, it was impossible to hide from rss. Result = Fail.
Two out of four tests isn't bad. I expected worse. Not to go on a rant here, but additionally... I'm a little wary of giving users the ability to add vB conditionals to wiki pages at their whim. I'm really not sure why, but it is just waiting for someone to take advantage of somehow....
I'm not trying to be difficult here or harsh, but I don't see this as a good solution for what it could be intended to be used for. Furthermore, this isn't anything against thincom2000; many of the extensions for MediaWiki fail these tests as well. Frankly, MediaWiki isn't a platform for dynamically hiding or presenting content based on usergroups (which is really what the three examples above are - just in different flavors).
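
Added example, not part of the original post and not code from the extension: a wiki admin's regression check that plants a canary string inside a restricted block and looks for it in the normal view, `action=raw`, and the page-history RSS feed, fetched as an unprivileged user. The wiki URL, page title, canary value and the `[hidden-block]` markup in the sample responses are constructed placeholders.

```python
import urllib.request
from urllib.parse import urlencode

# Output paths to compare: the normal page view plus the two the post found leaking.
VIEWS = {
    "rendered": {},
    "raw": {"action": "raw"},
    "rss": {"action": "history", "feed": "rss"},
}

def view_url(index_php, title, extra):
    """Build the index.php URL for one output path of a page."""
    return index_php + "?" + urlencode({"title": title, **extra})

def http_fetch(url):
    """Fetch a URL with no session cookie, i.e. as an anonymous reader."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

def find_leaks(index_php, title, canary, fetch=http_fetch):
    """Return the sorted names of output paths whose body contains the canary."""
    leaks = []
    for name, extra in VIEWS.items():
        if canary in fetch(view_url(index_php, title, extra)):
            leaks.append(name)
    return sorted(leaks)

# Constructed sample responses so the check runs offline.
CANARY = "STAFF-ONLY-CANARY-4821"
BASE = "https://wiki.example.test/index.php"
SAMPLE = {
    view_url(BASE, "Docs", {}): "<html><p>Public text</p></html>",
    view_url(BASE, "Docs", {"action": "raw"}):
        "Public text\n[hidden-block]" + CANARY + "[/hidden-block]",
    view_url(BASE, "Docs", {"action": "history", "feed": "rss"}):
        "<rss><item><description>&lt;ins&gt;" + CANARY
        + "&lt;/ins&gt;</description></item></rss>",
}

def demo():
    # Swap the network fetcher for a lookup into the constructed responses.
    return find_leaks(BASE, "Docs", CANARY, fetch=SAMPLE.__getitem__)

if __name__ == "__main__":
    for view in demo():
        print("canary visible via:", view)
```

Against a real wiki, call `find_leaks` with the default fetcher from an account that should not see the block; any non-empty result means the content is exposed outside the rendered view.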