Gergő Tisza has uploaded a new change for review.
https://gerrit.wikimedia.org/r/232220
Change subject: Validate status codes returned from the AbortLogin hook
......................................................................
Validate status codes returned from the AbortLogin hook
In case of a return value which is not in LoginForm::$statusCodes,
this results in a nicer error message instead of an array access error.
Bug: T109193
Change-Id: I64c955327c7dfc64807fa83d30538f3da66618bc
---
M includes/specials/SpecialUserlogin.php
1 file changed, 3 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/20/232220/1
diff --git a/includes/specials/SpecialUserlogin.php
b/includes/specials/SpecialUserlogin.php
index 0b500f4..f68d1d8 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -768,8 +768,10 @@
// Give general extensions, such as a captcha, a chance to
abort logins
$abort = self::ABORTED;
if ( !Hooks::run( 'AbortLogin', array( $u, $this->mPassword,
&$abort, &$msg ) ) ) {
+ if ( !in_array( $abort, self::$statusCodes, true ) ) {
+ throw new Exception( 'Invalid status code
returned from AbortLogin hook' );
+ }
$this->mAbortLoginErrorMsg = $msg;
-
return $abort;
}
--
To view, visit https://gerrit.wikimedia.org/r/232220
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I64c955327c7dfc64807fa83d30538f3da66618bc
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
