Fix login with temporary password with $wgSecureLogin = true

The problem is that FauxRequest sets the protocol to http by default,
thus triggering the redirect when executing Special:UserLogin in the
background to log the user in after having reset his password.

DerivativeRequest is now used instead of FauxRequest so that the
protocol is correctly forwarded, and the redirect will not be
triggered.

Bug: 57289
Change-Id: I252351ff7d446283c9d1ab5f79b5cdbce71b76e0

diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 8b96e6c..43a4d2c 100644 (file)
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -99,7 +99,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                                                'wpLoginToken' => $token,
                                                'wpPassword' => $request->getVal( 'wpNewPassword' ),
                                        ) + $request->getValues( 'wpRemember', 'returnto', 'returntoquery' );
-                                       $login = new LoginForm( new FauxRequest( $data, true ) );
+                                       $login = new LoginForm( new DerivativeRequest( $request, $data, true ) );
                                        $login->setContext( $this->getContext() );
                                        $login->execute( null );
                                }