Page MenuHomePhabricator

E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.
Closed, ResolvedPublic

Description

At SpecialOpenIDServer.body.php line 192, the code is trying to access a "mode" property on an Auth_OpenID_UntrustedReturnURL object. This property does not exist, although looking at the posted request the value 'checkid_setup' is probably what is intended.

Due to the missing value, it misses the proper case in the switch and we wind up with an empty page returned to the user. When I correct for this, it gives me a form asking if I want to trust something-or-other which seems to be the intended behavior.

On the other hand, that trust form doesn't actually work when submitted; various errors about "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Auth_OpenID_UntrustedReturnURL" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition" get logged and eventually something fatals.


Version: master
Severity: major

Details

Reference
bz54511

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 2:14 AM
bzimport set Reference to bz54511.
Anomie created this task.Sep 24 2013, 4:19 PM

please indicate the exact versions of

  • MediaWiki and
  • Extension:OpenID

as indicated on your MediaWiki's Special:Version page.

Anomie added a comment.Oct 7 2013, 2:56 PM

Both were git master on 2013-09-24.

For that matter, it's still up on https://w3-oauth.wikipedia.wmflabs.org/wiki/Main_Page and automatically pulling master periodically, although I don't know what state the configuration is in at the moment.

  • Bug 57331 has been marked as a duplicate of this bug. ***

Problem confirmed!
Will be fixed in version 4.00.

Change 97075 had a related patch set (by Wikinaut) published:
Bug 54511: OpenIDServer show error msg in case of untrusted $wgOpenIDTrustRoot

https://gerrit.wikimedia.org/r/97075

Change 97075 merged by Wikinaut:
Bug 54511: Let OpenIDServer show an error msg for untrusted TrustRoot

https://gerrit.wikimedia.org/r/97075

solved in version 3.44, which is merged now.