Page MenuHomePhabricator

E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.
Closed, ResolvedPublic


At SpecialOpenIDServer.body.php line 192, the code is trying to access a "mode" property on an Auth_OpenID_UntrustedReturnURL object. This property does not exist, although looking at the posted request the value 'checkid_setup' is probably what is intended.

Due to the missing value, it misses the proper case in the switch and we wind up with an empty page returned to the user. When I correct for this, it gives me a form asking if I want to trust something-or-other which seems to be the intended behavior.

On the other hand, that trust form doesn't actually work when submitted; various errors about "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Auth_OpenID_UntrustedReturnURL" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition" get logged and eventually something fatals.

Version: master
Severity: major



Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 2:14 AM
bzimport set Reference to bz54511.

please indicate the exact versions of

  • MediaWiki and
  • Extension:OpenID

as indicated on your MediaWiki's Special:Version page.

Both were git master on 2013-09-24.

For that matter, it's still up on and automatically pulling master periodically, although I don't know what state the configuration is in at the moment.

  • Bug 57331 has been marked as a duplicate of this bug. ***

Problem confirmed!
Will be fixed in version 4.00.

Change 97075 had a related patch set (by Wikinaut) published:
Bug 54511: OpenIDServer show error msg in case of untrusted $wgOpenIDTrustRoot

Change 97075 merged by Wikinaut:
Bug 54511: Let OpenIDServer show an error msg for untrusted TrustRoot

solved in version 3.44, which is merged now.