Page MenuHomePhabricator
Create Task
Maniphest T96581

CA uses localStorage without guarding for exceptions
Closed, ResolvedPublic
Actions

Description

We know that localStorage fails quite easily, mostly due to it being filled up. I was looking at my web inspector a bit today and happened to catch that on CentralAuth we use localStorage, without guarding against setItem exceptions such as QUOTA_EXCEEDED_ERR.

var t=new Date();t.setTime(t.getTime()+86400000);if('localStorage'in window&&window.localStorage)
{localStorage.setItem('CentralAuthAnon',t.getTime());}else{document.cookie='CentralAuthAnon=1;
expires='+t.toGMTString()+'; path=/';}

from https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=https&return=1&returnto=Main+Page

Details

SubjectRepoBranchLines +/-
Guard against QUOTA_EXCEEDED_ERR for anon usersmediawiki/extensions/CentralAuthmaster+3 -2
Customize query in gerrit

Related Objects

Event Timeline

TheDJ created this task.Apr 20 2015, 5:38 PM
TheDJ raised the priority of this task from to Needs Triage.
TheDJ updated the task description. (Show Details)
TheDJ added a project: MediaWiki-extensions-CentralAuth.
TheDJ subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 20 2015, 5:38 PM
TheDJ added a project: JavaScript.Apr 20 2015, 5:39 PM
TheDJ set Security to None.
Legoktm triaged this task as Medium priority.May 15 2015, 7:33 PM
Legoktm added a project: good first task.
gerritbot subscribed.May 15 2015, 9:48 PM

Change 211295 had a related patch set uploaded (by TheDJ):
Guard against QUOTA_EXCEEDED_ERR for anon users

https://gerrit.wikimedia.org/r/211295

gerritbot added a project: Patch-For-Review.May 15 2015, 9:48 PM
gerritbot added a comment.May 16 2015, 12:42 AM

Change 211295 merged by jenkins-bot:
Guard against QUOTA_EXCEEDED_ERR for anon users

https://gerrit.wikimedia.org/r/211295

TheDJ mentioned this in rMEXTd0317d450d01: Updated mediawiki/extensions Project: mediawiki/extensions/CentralAuth….May 16 2015, 12:42 AM
TheDJ mentioned this in rECAU14a7ac5d751f: Guard against QUOTA_EXCEEDED_ERR for anon users.
TheDJ closed this task as Resolved.May 16 2015, 8:50 AM
TheDJ claimed this task.
TheDJ removed a project: Patch-For-Review.
MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.May 25 2015, 11:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL