Validate status codes returned from the AbortLogin hook
[lhc/web/wiklou.git] / includes / specials / SpecialUserlogin.php
index de69b9d..8facb35 100644 (file)
@@ -783,8 +783,10 @@ class LoginForm extends SpecialPage {
                // Give general extensions, such as a captcha, a chance to abort logins
                $abort = self::ABORTED;
                if ( !Hooks::run( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$msg ) ) ) {
+                       if ( !in_array( $abort, self::$statusCodes, true ) ) {
+                               throw new Exception( 'Invalid status code returned from AbortLogin hook: ' . $abort );
+                       }
                        $this->mAbortLoginErrorMsg = $msg;
-
                        return $abort;
                }
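Review bot: The added `throw` line concatenates `$abort` straight into the exception message, but that value is whatever a hook handler left in the by-reference argument, and the strict `in_array` check is exactly the path that catches non-integer values. If a handler sets an array, the concatenation yields "Array" plus a notice, and an object without `__toString()` raises a different error in place of the intended one. Formatting the value defensively avoids both, e.g. `$shown = is_scalar( $abort ) ? var_export( $abort, true ) : gettype( $abort );` and appending `$shown` to the message. A short comment such as `// Fail closed: an aborting hook must report one of the known status constants` would also record why this throws instead of falling back to `self::ABORTED`. The enclosing method and the definition of `self::$statusCodes` are outside the hunk, so the contents of that list are not verified here.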