r61601 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r61600‎ \| r61601 \| r61602 >
Date:	20:35, 27 January 2010
Author:	sergeychernyshev
Status:	deferred
Tags:
Comment:	Applied security patch for Bug 22108
Modified paths:	/trunk/extensions/OpenID/SpecialOpenIDConvert.body.php (modified) (history) /trunk/extensions/OpenID/SpecialOpenIDLogin.body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/OpenID/SpecialOpenIDLogin.body.php
—	—	@@ -418,13 +418,19 @@
419	419	case Auth_OpenID_SUCCESS:
420	420	// This means the authentication succeeded.
421	421	wfSuppressWarnings();
422		~~- $openid = $response->getDisplayIdentifier();~~
	422	+ $openid = $response->identity_url;
	423	+
	424	+ if (!$this->canLogin($openid)) {
	425	+ $wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
	426	+ return;
	427	+ }
	428	+
423	429	$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse( $response );
424	430	$sreg = $sreg_resp->contents();
425	431	wfRestoreWarnings();
426	432
427	433	if ( is_null( $openid ) ) {
428		~~- wfDebug( "OpenID: aborting in auth success because display identifier is missing\n" );~~
	434	+ wfDebug( "OpenID: aborting in auth success because identity URL is missing\n" );
429	435	$wgOut->showErrorPage( 'openiderror', 'openiderrortext' );
430	436	return;
431	437	}
Index: trunk/extensions/OpenID/SpecialOpenIDConvert.body.php
—	—	@@ -226,6 +226,11 @@
227	227	// This means the authentication succeeded.
228	228	$openid_url = $response->identity_url;
229	229
	230	+ if (!$this->canLogin($openid_url)) {
	231	+ $wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
	232	+ return;
	233	+ }
	234	+
230	235	if ( !isset( $openid_url ) ) {
231	236	wfDebug( "OpenID: aborting in openid converter because the openid_url was missing\n" );
232	237	$wgOut->showErrorPage( 'openiderror', 'openiderrortext' );

00:13, 28 January 2010 😂 (talk | contribs) changed the status of r61601 [removed: new added: deferred]