How to make the EtherpadLite MediaWiki extention not leak ip-addresses or usernames

From Creative Crowds wiki
Jump to navigation Jump to search

in extensions/EtherpadLite/EtherpadLite_body.php edit the following lines: 

# Etherpad Lite requires rawurlencoded userName, thus we must add it manually
if ( method_exists( $parser, 'getUserIdentity' ) ) {
        // MW 1.36+
        $user = $parser->getUserIdentity();
} else {
        $user = $parser->getUser();
}

$url = wfAppendQuery( $url, array(
                "showControls"     => $showControls,
                "showChat"         => $showChat,
                "showLineNumbers"  => $showLineNumbers,
                "useMonospaceFont" => $useMonospaceFont,
                "noColors"         => $noColors,
        )
) . "&userName=unnamed";
// NOV 2025, manetta writing
// OMG this is a big privacy bug in this extention!!
// So glad that it can be hacked like this,
// it now sets the default username to "unnamed",
// which is also the default etherpad username,
// so nobody can see if you're logged in from the wiki or elsewhere
// This is what was written above before my change:
// . "&userName=" . rawurlencode( $user->getName() );
// I AM NOT SURE HOWEVER....
// if this information is not to be found in another way,
// as the extension is still requesting this info
// from mediawiki....
Retrieved from "http://cc.practices.tools/wiki/index.php?title=How_to_make_the_EtherpadLite_MediaWiki_extention_not_leak_ip-addresses_or_usernames&oldid=5174"