Page MenuHomePhabricator
Create Task
Maniphest T26173

Improper return address ( $finish_page ) for non-ASCII OpenID uris
Closed, ResolvedPublic
Actions

Description

Author: yayamamo+bugwm

Description:
When you use MediaWiki not in the English mode, a return address ending with "OpenIDFinish" causes Auth_OpenID_FAILURE.
Although redirecting address from an OpenID provider includes "OpenIDFinish", the current OpenID extension makes redirection to another alias (international) URL before validating the original address.
In Japanese, the address from an OpenID provider includes "index.php?title=%E7%89%B9%E5%88%A5:OpenIDFinish", which redirected to "index.php?title=%E7%89%B9%E5%88%A5:OpenID%E5%AE%8C%E4%BA%86" before its validation.

Version: unspecified
Severity: critical

Details

Reference
bz24173

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:07 PM
bzimport added a project: MediaWiki-extensions-OpenID.
bzimport set Reference to bz24173.
bzimport created this task.Jun 29 2010, 10:27 AM
bzimport added a comment.Apr 3 2011, 5:23 AM

tantin.david wrote:

In french version we've got the same problem, because the OpenIDFinish url contains the international alias "Spécial" with an accentuated character.

siebrand added a comment.May 16 2011, 9:54 AM

Mass maintainer change.

Wikinaut added a comment.May 16 2011, 12:36 PM

marked as duplicate. The present bug is most likely caused by the same underlying problem: OpenID extension and/or php-openid library do stall in case of OpenID uris with non-ASCII characters.

  • This bug has been marked as a duplicate of bug 21296 ***
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL