jenkins-bot has submitted this change and it was merged.
Change subject: Added sanity check for updating "wiki" field of consumer
acceptance
......................................................................
Added sanity check for updating "wiki" field of consumer acceptance
* Also removed an unused message
Change-Id: Id9dc0dbbef5c9497d6ea2b0ef82de7f067817f9a
---
M control/MWOAuthConsumerAcceptanceSubmitControl.php
M frontend/language/MWOAuth.i18n.php
2 files changed, 8 insertions(+), 1 deletion(-)
Approvals:
Aaron Schulz: Looks good to me, approved
jenkins-bot: Verified
diff --git a/control/MWOAuthConsumerAcceptanceSubmitControl.php
b/control/MWOAuthConsumerAcceptanceSubmitControl.php
index 58a9582..9652a13 100644
--- a/control/MWOAuthConsumerAcceptanceSubmitControl.php
+++ b/control/MWOAuthConsumerAcceptanceSubmitControl.php
@@ -121,6 +121,11 @@
}
$cmr = MWOAuthConsumer::newFromId( $dbw, $cmra->get(
'consumerId' ) );
+ if ( $cmr->get( 'wiki' ) !== '*' && $cmr->get( 'wiki' )
!== $this->vals['wiki'] ) {
+ return $this->failure( 'invalid_wiki',
+ 'mwoauth-invalid-access-wrongwiki',
$cmr->get( 'wiki' ) );
+ }
+
$grants = FormatJSON::decode( $this->vals['grants'],
true );
$cmra->setFields( array(
'wiki' => $this->vals['wiki'],
diff --git a/frontend/language/MWOAuth.i18n.php
b/frontend/language/MWOAuth.i18n.php
index 2523ee3..63d887b 100644
--- a/frontend/language/MWOAuth.i18n.php
+++ b/frontend/language/MWOAuth.i18n.php
@@ -55,6 +55,7 @@
'mwoauth-consumer-not-approved' => 'The consumer is not approved (it
may have been disabled)',
'mwoauth-invalid-consumer-key' => 'No consumer exists with the given
key.',
'mwoauth-invalid-access-token' => 'No access token exists with the
given key.',
+ 'mwoauth-invalid-access-wrongwiki' => 'The consumer can only be used on
wiki "$1".',
'mwoauth-consumer-conflict' => 'Someone changed the attributes of this
consumer as you viewed it. Please try again. You may want to check the change
log.',
'mwoauth-consumer-stage-proposed' => 'proposed',
@@ -193,7 +194,6 @@
'mwoauthconsumer-consumer-logpage' => 'OAuth consumer log',
'mwoauthconsumer-consumer-logpagetext' => 'Log of approvals,
rejections, and disabling of registered OAuth consumers.',
- 'mwoauth-bad-csrf-token' => 'Session failure when submitting form.
Please try your submissions again.',
'mwoauth-bad-request' => 'There was an error in your OAuth request.',
'mwoauthdatastore-access-token-not-found' => 'No approved grant was
found for that authorization token.',
'mwoauthdatastore-request-token-not-found' => 'No request was found for
that token.',
@@ -831,6 +831,8 @@
'action-mwoauthupdateownconsumer' =>
'{{Doc-action|mwoauthupdateownconsumer}}',
'action-mwoauthviewsuppressed' =>
'{{Doc-action|mwoauthviewsuppressed}}',
'mwoauthmanagemygrants-text' => 'Explanatory text for
Special:OAuthManageMyGrants page',
+ 'mwoauth-invalid-access-wrongwiki' => 'Used as error message.
Parameters:
+* $1 - the wiki ID the consumer is applicable to'
);
/** Asturian (asturianu)
--
To view, visit https://gerrit.wikimedia.org/r/89236
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id9dc0dbbef5c9497d6ea2b0ef82de7f067817f9a
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
