PHP Notice: Undefined offset: 8 from TOTPKey.php
Closed, ResolvedPublicSecurity
Actions

Assigned To

Authored By

	brennen
	Feb 4 2020, 11:58 PM

Description

Unclear if any impact, but just noticed a handful of these in logs:

[Exception ErrorException] (/srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/Key/TOTPKey.php:188) PHP Notice: Undefined offset: 8
  #0 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/Key/TOTPKey.php(188): MWExceptionHandler::handleError(integer, string, string, integer, array)
  #1 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/Module/TOTP.php(92): MediaWiki\Extension\OATHAuth\Key\TOTPKey->verify(array, MediaWiki\Extension\OATHAuth\OATHUser)
  #2 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/HTMLForm/TOTPDisableForm.php(56): MediaWiki\Extension\OATHAuth\Module\TOTP->verify(MediaWiki\Extension\OATHAuth\OATHUser, array)
  #3 /srv/mediawiki/php-1.35.0-wmf.16/includes/htmlform/HTMLForm.php(694): MediaWiki\Extension\OATHAuth\HTMLForm\TOTPDisableForm->onSubmit(array, MediaWiki\Extension\OATHAuth\HTMLForm\TOTPDisableForm)
  #8 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/Special/OATHManage.php(187): MediaWiki\Extension\OATHAuth\Special\OATHManage->addCustomContent(MediaWiki\Extension\OATHAuth\Module\TOTP)
  #9 /srv/mediawiki/php-1.35.0-wmf.16/extensions/OATHAuth/src/Special/OATHManage.php(100): MediaWiki\Extension\OATHAuth\Special\OATHManage->addModuleHTML(MediaWiki\Extension\OATHAuth\Module\TOTP)

brennen@mwlog1001:/srv/mw-log$ grep -c 'TOTP' ./error.log 
48

Details

Author Affiliation: WMF Technology Dept

Subject	Repo	Branch	Lines +/-
Fix removing scratch tokens	mediawiki/extensions/OATHAuth	REL1_34	+2 -2
Fix removing scratch tokens	mediawiki/extensions/OATHAuth	master	+2 -2
Fix removing scratch tokens	mediawiki/extensions/OATHAuth	wmf/1.35.0-wmf.18	+2 -2
Fix removing scratch tokens	mediawiki/extensions/OATHAuth	wmf/1.35.0-wmf.16	+2 -2