Page MenuHomePhabricator

Broken login when URL already contains an "action" parameter
Closed, ResolvedPublic0 Story Points

Description

Steps to reproduce:

  1. Using Chromium 74,
  2. Make sure you are not logged in on English Wikipedia
  3. Go to https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&action=analyzepage (note the action parameter)
  4. Click "Login to get started." which is a link to https://tools.wmflabs.org/iabot/oauthcallback.php?action=login&returnto=https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&fullauth=1

Expected outcome:
Proper URL encoding of URL parameters. Being able to log in.

Actual outcome:
Two action parameters in the URL https://tools.wmflabs.org/iabot/oauthcallback.php?action=login&returnto=https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&action=analyzepage&fullauth=1 ;

Logged on:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:77:boolean false
Login

Blocked:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:81:boolean false
Is bot:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:83:boolean false
User groups:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:85:boolean false
User name:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:87:boolean false
CSRF Session Token:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:89:boolean false
OAuth Errors encountered:
/mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:91:boolean false

Event Timeline

Aklapper created this task.Jun 30 2019, 8:18 PM
Restricted Application assigned this task to Cyberpower678. · View Herald TranscriptJun 30 2019, 8:18 PM
Restricted Application added a subscriber: Cyberpower678. · View Herald Transcript
Cyberpower678 closed this task as Resolved.Jul 24 2019, 12:28 PM