Last modified: 2013-11-22 20:10:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T56511, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 54511 - E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.


Summary:	E:OpenID as server: OpenIDServer shows a blank content page in case of untrus...

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	OpenID (Other open bugs)
Version:	master
Hardware:	All All

Importance:	High major (vote)
Target Milestone:	---
Assigned To:	T. Gries

URL:
Whiteboard:
Keywords:

Duplicates:	57331 (view as bug list)
Depends on:
Blocks:	9604
	Show dependency tree / graph

Reported:	2013-09-24 16:19 UTC by Brad Jorsch
Modified:	2013-11-22 20:10 UTC (History)
CC List:	2 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Brad Jorsch 2013-09-24 16:19:20 UTC

At SpecialOpenIDServer.body.php line 192, the code is trying to access a "mode" property on an Auth_OpenID_UntrustedReturnURL object. This property does not exist, although looking at the posted request the value 'checkid_setup' is probably what is intended.

Due to the missing value, it misses the proper case in the switch and we wind up with an empty page returned to the user. When I correct for this, it gives me a form asking if I want to trust something-or-other which seems to be the intended behavior.

On the other hand, that trust form doesn't actually work when submitted; various errors about "The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Auth_OpenID_UntrustedReturnURL" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition" get logged and eventually something fatals.

Comment 1 T. Gries 2013-10-06 16:49:31 UTC

please indicate the exact versions of

* MediaWiki and
* Extension:OpenID

as indicated on your MediaWiki's Special:Version page.

Comment 2 Brad Jorsch 2013-10-07 14:56:14 UTC

Both were git master on 2013-09-24.

For that matter, it's still up on https://w3-oauth.wikipedia.wmflabs.org/wiki/Main_Page and automatically pulling master periodically, although I don't know what state the configuration is in at the moment.

Comment 3 T. Gries 2013-11-21 07:35:51 UTC

*** Bug 57331 has been marked as a duplicate of this bug. ***

Comment 4 T. Gries 2013-11-21 07:38:13 UTC

Problem confirmed!
Will be fixed in version 4.00.

Comment 5 Gerrit Notification Bot 2013-11-22 19:35:38 UTC

Change 97075 had a related patch set (by Wikinaut) published:
Bug 54511: OpenIDServer show error msg in case of untrusted $wgOpenIDTrustRoot

https://gerrit.wikimedia.org/r/97075

Comment 6 Gerrit Notification Bot 2013-11-22 20:09:31 UTC

Change 97075 merged by Wikinaut:
Bug 54511: Let OpenIDServer show an error msg for untrusted TrustRoot

https://gerrit.wikimedia.org/r/97075

Comment 7 T. Gries 2013-11-22 20:10:01 UTC

solved in version 3.44, which is merged now.

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links