Page MenuHomePhabricator
Create Task
Maniphest T56511

E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.
Closed, ResolvedPublic
Actions

Description

At SpecialOpenIDServer.body.php line 192, the code is trying to access a "mode" property on an Auth_OpenID_UntrustedReturnURL object. This property does not exist, although looking at the posted request the value 'checkid_setup' is probably what is intended.

Due to the missing value, it misses the proper case in the switch and we wind up with an empty page returned to the user. When I correct for this, it gives me a form asking if I want to trust something-or-other which seems to be the intended behavior.

On the other hand, that trust form doesn't actually work when submitted; various errors about "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Auth_OpenID_UntrustedReturnURL" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition" get logged and eventually something fatals.

Version: master
Severity: major

Details

Reference
bz54511

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 2:14 AM
bzimport added a project: MediaWiki-extensions-OpenID.
bzimport set Reference to bz54511.
Anomie created this task.Sep 24 2013, 4:19 PM
Wikinaut added a comment.Oct 6 2013, 4:49 PM

please indicate the exact versions of

  • MediaWiki and
  • Extension:OpenID

as indicated on your MediaWiki's Special:Version page.

Anomie added a comment.Oct 7 2013, 2:56 PM

Both were git master on 2013-09-24.

For that matter, it's still up on https://w3-oauth.wikipedia.wmflabs.org/wiki/Main_Page and automatically pulling master periodically, although I don't know what state the configuration is in at the moment.

Wikinaut added a comment.Nov 21 2013, 7:35 AM
  • Bug 57331 has been marked as a duplicate of this bug. ***
Wikinaut added a comment.Nov 21 2013, 7:38 AM

Problem confirmed!
Will be fixed in version 4.00.

gerritbot added a comment.Nov 22 2013, 7:35 PM

Change 97075 had a related patch set (by Wikinaut) published:
Bug 54511: OpenIDServer show error msg in case of untrusted $wgOpenIDTrustRoot

https://gerrit.wikimedia.org/r/97075

gerritbot added a comment.Nov 22 2013, 8:09 PM

Change 97075 merged by Wikinaut:
Bug 54511: Let OpenIDServer show an error msg for untrusted TrustRoot

https://gerrit.wikimedia.org/r/97075

Wikinaut added a comment.Nov 22 2013, 8:10 PM

solved in version 3.44, which is merged now.

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL