r26321 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r26320‎ \| r26321 \| r26322 >
Date:	18:18, 2 October 2007
Author:	brion
Status:	old
Tags:
Comment:	Further security fix -- enforce assertions about attached state on the form submission handlers, not just on showing the form. Ensures that unattached users have to put in the global pass, not their own pass, to attach. :)
Modified paths:	/trunk/extensions/CentralAuth/SpecialMergeAccount.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralAuth/SpecialMergeAccount.php
—	—	@@ -256,6 +256,10 @@
257	257	throw new MWException( "User doesn't exist -- race condition?" );
258	258	}
259	259
	260	+ if( !$globalUser->isAttached() ) {
	261	+ throw new MWException( "Can't cleanup merge if not already attached." );
	262	+ }
	263	+
260	264	if( $wgCentralAuthDryRun ) {
261	265	return $this->dryRunError();
262	266	}
—	—	@@ -288,6 +292,10 @@
289	293	throw new MWException( "User doesn't exist -- race condition?" );
290	294	}
291	295
	296	+ if( $globalUser->isAttached() ) {
	297	+ throw new MWException( "Already attached -- race condition?" );
	298	+ }
	299	+
292	300	if( $wgCentralAuthDryRun ) {
293	301	return $this->dryRunError();
294	302	}

15:21, 12 September 2011 Meno25 (talk | contribs) changed the status of r26321 [removed: ok added: old]