From: Gergő Tisza
Date: Mon, 17 Aug 2015 23:08:00 +0000 (+0000)
Subject: Validate status codes returned from the AbortLogin hook
X-Git-Tag: 1.31.0-rc.0~9263
X-Git-Url: https://git.heureux-cyclage.org/?a=commitdiff_plain;ds=sidebyside;h=13769342a1a8006b09d73a1c803fd85402f8004e;p=lhc%2Fweb%2Fwiklou.git

Validate status codes returned from the AbortLogin hook

In case of a return value which is not in LoginForm::$statusCodes, this results in a nicer error message instead of an array access error.

Bug: T109193
Change-Id: I64c955327c7dfc64807fa83d30538f3da66618bc
---
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index de69b9d021..8facb35c41 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -783,8 +783,10 @@ class LoginForm extends SpecialPage {
 // Give general extensions, such as a captcha, a chance to abort logins
 $abort = self::ABORTED;
 if ( !Hooks::run( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$msg ) ) ) {
+ if ( !in_array( $abort, self::$statusCodes, true ) ) {
+ throw new Exception( 'Invalid status code returned from AbortLogin hook: ' . $abort );
+ }
 $this->mAbortLoginErrorMsg = $msg;
-
 return $abort;
 }
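Review bot: The added guard `in_array( $abort, self::$statusCodes, true )` tests the array's values, while the commit message describes the old failure as an array access error, which suggests the status code is used as a key of `self::$statusCodes`. The array's definition is outside this hunk, so confirm its shape; if it is keyed by code, a strict value match can never succeed for a valid code, and every login aborted by a hook would throw instead of returning `$abort`. In that case the check should read `if ( !in_array( $abort, array_keys( self::$statusCodes ), true ) ) {`. The exception message also concatenates `$abort` directly, which itself raises an error when a hook writes an array or object through the by-reference argument; `var_export( $abort, true )` would keep the diagnostic intact. The enclosing method starts and ends outside the hunk.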