Page MenuHomePhabricator

Internal error when trying to revoke OAuth consumer
Closed, DuplicatePublic

Description

Error message
[XnOwTgpAAEMAAFgx-74AAAAO] 2020-03-19 17:47:58: Fatal exception of type "Error"
Impact

OAuth consumers’ access cannot be revoked, not even malicious ones’.

Details

Request ID
XnOwTgpAAEMAAFgx-74AAAAO
Request URL
https://hu.wikipedia.org/wiki/Speciális:OAuthManageMyGrants/revoke/XXXX
Stack Trace

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2020, 5:50 PM
Tacsipacsi triaged this task as Unbreak Now! priority.Mar 19 2020, 5:52 PM

This is a major security issue: if a user is tricked into granting an OAuth consumer, there is no way back.

Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptMar 19 2020, 5:52 PM

Error message:

Error from line 95 of /srv/mediawiki/php-1.35.0-wmf.23/extensions/OAuth/includes/frontend/specialpages/SpecialMWOAuthManageMyGrants.php: Call to a member function getConsumerKey() on boolean
Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptMar 19 2020, 5:55 PM