$wgSecureLogin is broken
Closed, ResolvedPublic

Description

Redirect loops just like described in https://gerrit.wikimedia.org/r/#/c/25530/1/includes/specials/SpecialUserlogin.php


Version: 1.20.x
Severity: major

Details

Reference
bz40789

Seems to be related to this: all our users now get forcefully redirected to https *after* logging even when $wgSecureLogin is false.

That's a pretty big oversight on my part. My apologies. This entire week I feel like I've been getting stupider. Standby for patch.

Tyler's fix is merged, and will go out with 1.21wmf2. Is this breaking anything to the point that we need to do a live fix on the cluster?

Yes. The problem occurs when $wgSecureLogin is set to false, in which case users are redirected to HTTPS incorrectly.

Verified on http://sandbox.translatewiki.net/ (updated sandbox.translatewiki.net to be7d611 2012-10-11 08:51:13 +0000).

Is this going to be backported and deployed before 1.21wmf2?

It'd be great if it could be, quite frankly. Some of the bots Wikipedia uses for site maintenance are reliant on this working. The central help forum for en-wiki hasn't been able to archive itself since the bug.

(In reply to comment #8)

It'd be great if it could be, quite frankly. Some of the bots Wikipedia uses
for site maintenance are reliant on this working. The central help forum for
en-wiki hasn't been able to archive itself since the bug.

So is this in 1.20.0 or not?

Above, Chris says it'll be in 1.21wmf2. I think that's a no.

Add Comment