r32091 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r32090‎ \| r32091 \| r32092 >
Date:	04:05, 18 March 2008
Author:	tstarling
Status:	old
Tags:
Comment:	Removed "empty" account migration feature to avoid compromise of the global account by malicious empty local accounts. Empty accounts can be safely usurped by renaming them with Special:Renameuser, as per normal procedure. Also require email addresses to be authenticated before email-based migration, for the same reason. Password-based migration does not require an authenticated email address. Thanks to Rotem for pointing out these issues.
Modified paths:	/trunk/extensions/CentralAuth/CentralAuthUser.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralAuth/CentralAuthUser.php
—	—	@@ -401,13 +401,11 @@
402	402	} elseif( $this->matchHashes( $passwords, $local['id'], $local['password'] ) ) {
403	403	// Matches the pre-authenticated password, yay!
404	404	$method = 'password';
405		~~- } elseif( isset( $passingMail[$local['email']] ) ) {~~
	405	+ } elseif( $local['emailAuthenticated'] && isset( $passingMail[$local['email']] ) ) {
406	406	// Same e-mail as primary means we know they could
407	407	// reset their password, so we give them the account.
	408	+ // Authenticated email addresses only to prevent merges with malicious users
408	409	$method = 'mail';
409		~~- } elseif( $local['editCount'] == 0 ) {~~
410		~~- // Unused accounts are fair game for reclaiming~~
411		~~- $method = 'empty';~~
412	410	} else {
413	411	// Can't automatically resolve this account.
414	412	//
—	—	@@ -664,14 +662,26 @@
665	663	if( $dbw->affectedRows() == 0 ) {
666	664	wfDebugLog( 'CentralAuth',
667	665	"Race condition? Already attached $this->mName@$dbname, just tried by '$method'" );
668		~~- } else {~~
669		~~- wfDebugLog( 'CentralAuth',~~
670		~~- "Attaching local user $this->mName@$dbname by '$method'" );~~
	666	+ return;
	667	+ }
	668	+ wfDebugLog( 'CentralAuth',
	669	+ "Attaching local user $this->mName@$dbname by '$method'" );
671	670
672		~~- global $wgDBname;~~
673		~~- if( $dbname == $wgDBname ) {~~
674		~~- $this->resetState();~~
675		~~- }~~
	671	+ /**
	672	+ * Reset credentials in the local user table, to avoid compromise of the
	673	+ * merged account by a malicious zero-edit account.
	674	+ */
	675	+ $dbl = self::getLocalDB( $dbname );
	676	+ $dbl->update( 'user',
	677	+ array(
	678	+ 'user_email' => $this->mEmail,
	679	+ 'user_newpassword' => '',
	680	+ 'user_'));
	681	+
	682	+
	683	+ global $wgDBname;
	684	+ if( $dbname == $wgDBname ) {
	685	+ $this->resetState();
676	686	}
677	687	}
678	688

Status & tagging log

15:25, 12 September 2011 Meno25 (talk | contribs) changed the status of r32091 [removed: ok added: old]