r68501 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r68500‎ \| r68501 \| r68502 >
Date:	03:04, 24 June 2010
Author:	laner
Status:	deferred (Comments)
Tags:
Comment:	* Fixed issue with single domains, and non-auto-authentication domains being non-operational due to security fix in r68436 * Fixed another issue with mail me a password not working properly
Modified paths:	/trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LdapAuthentication/LdapAuthentication.php
—	—	@@ -39,7 +39,7 @@
40	40	# Support is available at http://www.mediawiki.org/wiki/Extension_talk:LDAP_Authentication
41	41	#
42	42
43		~~-if ( !defined( 'MEDIAWIKI' ) ) exit;~~
	43	+//if ( !defined( 'MEDIAWIKI' ) ) exit;
44	44
45	45	$wgLDAPDomainNames = array();
46	46	$wgLDAPServerNames = array();
—	—	@@ -94,7 +94,7 @@
95	95	$wgExtensionCredits['other'][] = array(
96	96	'path' => __FILE__,
97	97	'name' => 'LDAP Authentication Plugin',
98		~~- 'version' => '1.2b',~~
	98	+ 'version' => '1.2c',
99	99	'author' => 'Ryan Lane',
100	100	'descriptionmsg' => 'ldapauthentication-desc',
101	101	'url' => 'http://www.mediawiki.org/wiki/Extension:LDAP_Authentication',
—	—	@@ -456,7 +456,7 @@
457	457	array_push( $tempDomArr, 'local' );
458	458	}
459	459
460		~~- if ( isset( $wgLDAPAutoAuthDomain ) ) {~~
	460	+ if ( isset( $wgLDAPAutoAuthDomain ) && $wgLDAPAutoAuthDomain != "" ) {
461	461	$this->printDebug( "Allowing auto-authentication login, removing the domain from the list.", NONSENSITIVE );
462	462
463	463	// There is no reason for people to log in directly to the wiki if the are using an
—	—	@@ -919,7 +919,7 @@
920	920
921	921	$this->printDebug( "Entering strict.", NONSENSITIVE );
922	922
923		~~- if ( $wgLDAPUseLocal \|\| $wgLDAPMailPassword ) {~~
	923	+ if ( $wgLDAPUseLocal \|\| ( isset( $wgLDAPMailPassword[$_SESSION['wsDomain']] ) && $wgLDAPMailPassword[$_SESSION['wsDomain']] ) ) {
924	924	$this->printDebug( "Returning false in strict().", NONSENSITIVE );
925	925	return false;
926	926	} else {
—	—	@@ -1836,16 +1836,16 @@
1837	1837	$wgAuth->printDebug( "Entering AutoAuthSetup.", NONSENSITIVE );
1838	1838
1839	1839	// Set configuration options for backwards compatibility
1840		~~- if ( isset( $wgLDAPSSLUsername ) ) {~~
	1840	+ if ( isset( $wgLDAPSSLUsername ) && $wgLDAPSSLUsername != "" ) {
1841	1841	$wgAuth->printDebug( 'Setting $wgLDAPAutoAuthUsername to $wgLDAPSSLUsername; please change your configuration to fix this deprecated configuration variable.', NONSENSITIVE );
1842	1842	$wgLDAPAutoAuthUsername = $wgLDAPSSLUsername;
1843	1843	}
1844		~~- if ( isset( $wgLDAPSmartcardDomain ) ) {~~
	1844	+ if ( isset( $wgLDAPSmartcardDomain ) && $wgLDAPSmartcardDomain != "" ) {
1845	1845	$wgAuth->printDebug( 'Setting $wgLDAPAutoAuthDomain to $wgLDAPSmartcardDomain; please change your configuration to fix this deprecated configuration variable.', NONSENSITIVE );
1846	1846	$wgLDAPAutoAuthDomain = $wgLDAPSmartcardDomain;
1847	1847	}
1848	1848
1849		~~- if ( $wgLDAPAutoAuthUsername != null ) {~~
	1849	+ if ( $wgLDAPAutoAuthUsername != "" ) {
1850	1850	$wgAuth->printDebug( "wgLDAPAutoAuthUsername is not null, adding hooks.", NONSENSITIVE );
1851	1851	if ( version_compare( $wgVersion, '1.14.0', '<' ) ) {
1852	1852	if ( version_compare( $wgVersion, '1.13.0', '<' ) ) {

Follow-up revisions

Revision	Commit summary	Author	Date
r68550	Fixed $wgLDAPAutoAuthUsername check, and uncommented the MEDIAWIKI check, per...	laner	03:44, 25 June 2010

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r68436	Fix possible remote_global vulnerabilities, and fix for r68288	laner	00:41, 23 June 2010

Comments

#Comment by Nikerabbit (talk | contribs) 05:52, 24 June 2010

+//if ( !defined( 'MEDIAWIKI' ) ) exit;

Intentional?

if ( $wgLDAPAutoAuthUsername != "" ) {

Might fail if username consists of only zeros depending which data type PHP chooses.

#Comment by Nikerabbit (talk | contribs) 05:52, 24 June 2010

+//if ( !defined( 'MEDIAWIKI' ) ) exit;

Intentional?

if ( $wgLDAPAutoAuthUsername != "" ) {

Might fail if username consists of only zeros depending which data type PHP chooses.

#Comment by Nikerabbit (talk | contribs) 05:57, 24 June 2010

Is there a bug in Code Review? I'm pretty sure I didn't post this twice.

#Comment by Reedy (talk | contribs) 06:09, 24 June 2010

I've had a few double post, not a regular occurrence...

#Comment by Ryan lane (talk | contribs) 13:32, 24 June 2010

Ok. I need to stop coding at 11:00 at night. I commented that out when I was debugging something. It isn't actually needed, since calling the extension directly would have no affect, but I had it in for paranoia's sake anyway. I'll put it back in tonight.

As for the wgLDAPAutoAuthUsername check, what would be a better way of checking that? I was unaware that a zero could ever equal an empty string.

#Comment by Liangent (talk | contribs) 13:37, 24 June 2010

In my test, '0' != '' but 0 == ''. PHP 5.3.1-5

#Comment by Nikerabbit (talk | contribs) 13:39, 24 June 2010

I think !== is suitable comparison operator here.

#Comment by Ryan lane (talk | contribs) 13:39, 24 June 2010

Ok. Good to know. Will fix this tonight.

#Comment by Ryan lane (talk | contribs) 03:45, 25 June 2010

Fixed in 68550

#Comment by Ryan lane (talk | contribs) 03:45, 25 June 2010

Make that r68550

Status & tagging log

18:20, 8 September 2010 😂 (talk | contribs) changed the status of r68501 [removed: new added: deferred]
03:45, 25 June 2010 Ryan lane (talk | contribs) changed the status of r68501 [removed: fixme added: new]
13:32, 24 June 2010 Ryan lane (talk | contribs) changed the status of r68501 [removed: deferred added: fixme]
11:12, 24 June 2010 MaxSem (talk | contribs) changed the status of r68501 [removed: new added: deferred]