r112471 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r112470‎ \| r112471 \| r112472 >
Date:	05:27, 27 February 2012
Author:	laner
Status:	ok
Tags:
Comment:	Seems getCanonicalName is used to also check page names, which causes nastiness when anons click redlinks. I want to stab our authentication code for reusing this function in this way. This fix works around an error by only connecting to LDAP if the user is also using a valid name. That said, this is a major issue all around. When a user is logged in, if they click a red link it's going to cause an LDAP lookup unless memcache is being used and there is a key hit, and that's stupid.
Modified paths:	/trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LdapAuthentication/LdapAuthentication.php
—	—	@@ -1156,7 +1156,7 @@
1157	1157	$key = wfMemcKey( 'ldapauthentication', 'canonicalname', $username );
1158	1158	$canonicalname = $username;
1159	1159	if ( $username != '' ) {
1160		~~- $this->printDebug( "Username isn't empty.", NONSENSITIVE );~~
	1160	+ $this->printDebug( "Username is: $username", NONSENSITIVE );
1161	1161	if ( $this->getConf( 'LowercaseUsernameScheme' ) ) {
1162	1162	$canonicalname = strtolower( $canonicalname );
1163	1163	} else {
—	—	@@ -1169,7 +1169,7 @@
1170	1170	return $userInfo["canonicalname"];
1171	1171	}
1172	1172	} else {
1173		~~- if ( $this->connect() ) {~~
	1173	+ if ( $this->validDomain( $this->getSessionDomain() ) && $this->connect() ) {
1174	1174	// Try to pull the username from LDAP. In the case of straight binds,
1175	1175	// try to fetch the username by search before bind.
1176	1176	$this->userdn = $this->getUserDN( $username, true );

03:47, 8 March 2012 😂 (talk | contribs) changed the status of r112471 [removed: new added: ok]