Last modified: 2011-07-19 03:33:11 UTC
Upgraded to Mediawiki 1.17.0 (Debian/stable, PHP 5.3.3), ran the maintenance/update.php and MW would work fine - but only without the SimpleSecurity extension. If enabled, this happens: PHP Fatal error: Call to a member function isOpen() on a non-object in ../includes/db/LoadBalancer.php on line 652 === LocalSettings.php === $wgSecurityUseDBHook = true; require_once("$IP/extensions/SimpleSecurity-svn/SimpleSecurity.php"); $wgSecurityRenderInfo = false; $wgSecurityAllowUnreadableLinks = false; $wgPageRestrictions['Namespace:Special']['read'] = 'users'; $wgPageRestrictions['Namespace:User']['read'] = 'users'; Commenting out wgSecurityUseDBHook helped and SimpleSecurity does what it's supposed to do - I guess. I'd feel more comfortable if someone could have a look at this if it's safe to disable the hook with MW 1.17. Thanks!
Trunk version of the extensions seems to have a fix for this.
I'm already using SimpleSecurity's trunk version (r89186), but as soon as I set $wgSecurityUseDBHook=true; this fatal PHP error is shown and I get an empty page. Unsetting $wgSecurityUseDBHook or setting to "false" makes it work again. So maybe the documentation on WM:Extension:Simple_Security needs to be changed for MW 1.17, but I'm not sure what the (security-)implications of this missing hook are - hence this report.
There have been changes to the LoadBalancer and LBFactory which make SimpleSecurity 4.x incompatible with versions of MediaWiki start from 1.17. I've found a way to hook into the database for 1.17+ but it required quite major changes which I couldn't make backwards compatible with versions of MediaWiki prior to this, so I've made SimpleSecurity 5.0 which should be used for 1.17+ and 4.x for older MediaWiki versions. SimpleSecurity 4.x is available from the OrganicDesign extensions repo at: http://svn.organicdesign.co.nz/listing.php?repname=extensions For more detailed info about the problem and solution see: http://www.organicdesign.co.nz/Extension:SimpleSecurity This is a major update so there could be further issues.
Sorry for the late reply: yes, with the trunk version of SimpleSecurity (r92519) it's working now and the error message is gone. I do have another problem though, but that'll do for another bug. One more thing: the installation on Extension:Simple_Security now says to add wgSecurityUseDBHook *after* the include_once statement for current SimpleSecurity releases. This does not work here, I still have to put it *before* include_once (resp. require_once, the documentation lists them both). Thanks!