Author: yayamamo+bugwm
Description:
When you use MediaWiki not in the English mode, a return address ending with "OpenIDFinish" causes Auth_OpenID_FAILURE.
Although redirecting address from an OpenID provider includes "OpenIDFinish", the current OpenID extension makes redirection to another alias (international) URL before validating the original address.
In Japanese, the address from an OpenID provider includes "index.php?title=%E7%89%B9%E5%88%A5:OpenIDFinish", which redirected to "index.php?title=%E7%89%B9%E5%88%A5:OpenID%E5%AE%8C%E4%BA%86" before its validation.
Version: unspecified
Severity: critical