Page MenuHomePhabricator

CA uses localStorage without guarding for exceptions
Closed, ResolvedPublic

Description

We know that localStorage fails quite easily, mostly due to it being filled up. I was looking at my web inspector a bit today and happened to catch that on CentralAuth we use localStorage, without guarding against setItem exceptions such as QUOTA_EXCEEDED_ERR.

var t=new Date();t.setTime(t.getTime()+86400000);if('localStorage'in window&&window.localStorage)
{localStorage.setItem('CentralAuthAnon',t.getTime());}else{document.cookie='CentralAuthAnon=1;
expires='+t.toGMTString()+'; path=/';}

from https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=https&return=1&returnto=Main+Page

Event Timeline

TheDJ created this task.Apr 20 2015, 5:38 PM
TheDJ raised the priority of this task from to Needs Triage.
TheDJ updated the task description. (Show Details)
TheDJ added a subscriber: TheDJ.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 20 2015, 5:38 PM
TheDJ set Security to None.
Legoktm triaged this task as Normal priority.May 15 2015, 7:33 PM
Legoktm added a project: good first bug.

Change 211295 had a related patch set uploaded (by TheDJ):
Guard against QUOTA_EXCEEDED_ERR for anon users

https://gerrit.wikimedia.org/r/211295

Change 211295 merged by jenkins-bot:
Guard against QUOTA_EXCEEDED_ERR for anon users

https://gerrit.wikimedia.org/r/211295

TheDJ closed this task as Resolved.May 16 2015, 8:50 AM
TheDJ claimed this task.
TheDJ removed a project: Patch-For-Review.