Skip Menu |
 

This queue is for tickets about the CMS-MediaWiki CPAN distribution.

Report information
The Basics
Id: 83329
Status: patched
Worked: 1 hour (60 min)
Priority: 0/
Queue: CMS-MediaWiki

People
Owner: Nobody in particular
Requestors: PJNEWMAN [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.8014
Fixed in: (no value)



Subject: Can't login for MW versions greater than 1.15.3 and 1.16.0beta2
Download (untitled) / with headers
text/plain 207b
See here for more info, they added a wpLoginToken hidden field which needs to be passed back to login: https://bugzilla.wikimedia.org/show_bug.cgi?id=23076 I'll do a patch soon if one doesn't already exist?
Download (untitled) / with headers
text/plain 176b
As promised, a patch that gets it working with newer versions of MW and also adds a bit more debug and uses public methods, rather than private variables from HTTP::Response.
Subject: cms-mediawiki-new-mediawiki.diff
--- CMS\MediaWiki.pm.old Thu Feb 21 08:29:38 2013 +++ CMS\MediaWiki.pm Thu Feb 21 08:29:38 2013 @@ -13,7 +13,7 @@ ####################################################################### use strict; my $package = __PACKAGE__; -our $VERSION = '0.8014'; +our $VERSION = '0.8015'; use LWP::UserAgent; use HTTP::Request::Common; @@ -37,7 +37,7 @@ $self->{'protocol'} = $params{'protocol'} || 'http'; # optional $self->{'host' } = $params{'host'} || 'localhost'; $self->{'path' } = $params{'path'} || ''; - $self->{'debug' } = $params{'debug'} || 0; # 0, 1, 2 + $self->{'debug' } = $params{'debug'} || 0; # 0, 1, 2, 3 $Var{'SERVER_SIG'} = '*Unknown*'; $Var{'EDIT_TIME_BEFORE'} = '*Unknown*'; @@ -76,6 +76,20 @@ my $login_url = "$args{'protocol'}://$args{'host'}$index_path?title=Special:Userlogin&action=submitlogin"; + # (Pre-)fetch page for token... + my $pre_resp = $ua->request(GET $login_url); + my @lines = split /\n/, $pre_resp->content(); + my $login_token = ''; + foreach (@lines) { + #Debug "X $_"; + if (/wpLoginToken/) { + s/type=.?hidden.? *name="wpLoginToken" *value="(.+)"/$1/i; + $login_token = $1; + $tags{'wpLoginToken'} = $login_token; + Debug "[login] Got wpLoginToken" if $self->{'debug'}; + } + } + Debug "[login] POST $login_url\..." if $self->{'debug'}; my $resp = $ua->request( @@ -85,17 +99,18 @@ ); my $login_okay = 0; - foreach (keys %{$resp->{'_headers'}}) { - Debug "(header) $_ = " . $resp->{'_headers'}->{$_} if $self->{'debug'} > 1; + foreach ($resp->header_field_names()) { + Debug "(header) $_ = " . $resp->header($_) if $self->{'debug'} > 1; if ($_ =~ /^set-cookie$/i) { - my $arr = $resp->{'_headers'}->{$_}; - if ($arr =~ /^ARRAY(.+)$/) { + my $arr = [$resp->header($_)]; + if (ref($arr) eq 'ARRAY') { foreach (@{$arr}) { Debug "- (cookie) $_" if $self->{'debug'} > 1; # wikiUserID or wikidbUserID if ($_ =~ /UserID=\d+\;/i) { # Success! $login_okay = 1; + Debug "(cookie) Got UserID" if $self->{'debug'} > 1; } Debug "(cookie) $_" if $self->{'debug'} > 1; } @@ -105,9 +120,11 @@ } } if ($_ =~ /^server$/i) { - $Var{'SERVER_SIG'} = $resp->{'_headers'}->{$_}; + $Var{'SERVER_SIG'} = $resp->header($_); } } + + Debug "(decoded content) =\n" . $resp->decoded_content() if $self->{'debug'} > 2; return $login_okay ? 0 : 1; } @@ -133,9 +150,13 @@ Debug "Editing page '$args{'title'}' (section '$args{'section'}')..." if $self->{'debug'}; my $edit_section = length($args{'section'}) > 0 ? "\&section=$args{'section'}" : ''; + + my $edit_url = "$args{'protocol'}://$WHOST/$WPATH/index.php?title=$args{'title'}&action=edit$edit_section"; + Debug "[editPage] GET $edit_url" if $self->{'debug'}; + # (Pre-)fetch page... - my $resp = $ua->request(GET "$args{'protocol'}://$WHOST/$WPATH/index.php?title=$args{'title'}&action=edit$edit_section"); + my $resp = $ua->request(GET $edit_url); my @lines = split /\n/, $resp->content(); my $token = my $edit_time = ''; foreach (@lines) { @@ -181,12 +202,15 @@ Content => [ %tags ] ); - foreach (sort keys %{$resp->{'_headers'}}) { - Debug "(header) $_ = " . $resp->{'_headers'}->{$_} if $self->{'debug'} > 1; + foreach (sort $resp->header_field_names()) { + Debug "(header) $_ = " . $resp->header($_) if $self->{'debug'} > 1; } - my $response_location = $resp->{'_headers'}->{'location'} || ''; + my $response_location = $resp->header('Location') || ''; Debug "Response Location: $response_location" if $self->{'debug'}; Debug "Comparing with \"/$args{'title'}\"" if $self->{'debug'}; + + Debug "(decoded content) =\n" . $resp->decoded_content() if $self->{'debug'} > 2; + if ($response_location =~ /[\/=]$args{'title'}/i) { Debug "Success!" if $self->{'debug'}; return 0; @@ -230,9 +254,13 @@ Debug "Fetching page '$args{'title'}' (section '$args{'section'}')..." if $self->{'debug'}; my $edit_section = $args{'section'} ? "\&section=$args{'section'}" : ''; - my $resp = $ua->request(GET "$args{'protocol'}://$WHOST/$WPATH/index.php?title=$args{'title'}&action=edit$edit_section"); + my $edit_url = "$args{'protocol'}://$WHOST/$WPATH/index.php?title=$args{'title'}&action=edit$edit_section"; + my $resp = $ua->request(GET $edit_url); + Debug "[getPage] From " . $edit_url if $self->{'debug'}; my @lines = split /\n/, $resp->content(); + Debug "(decoded content) =\n" . $resp->decoded_content() if $self->{'debug'} > 2; + my @content = (); my $saving = 0; @@ -297,7 +325,7 @@ # protocol => 'https', # Optional, default is http host => 'localhost', # Default: localhost path => 'wiki' , # Can be empty on 3rd-level domain Wikis - debug => 0 # Optional. 0=no debug msgs, 1=some msgs, 2=more msgs + debug => 0 # Optional. 0=no debug msgs, 1=some msgs, 2=more msgs, 3=all msgs ); =head1 DESCRIPTION
Download (untitled) / with headers
text/plain 334b
On Thu Feb 21 08:36:59 2013, PJNEWMAN wrote: Show quoted text
> As promised, a patch that gets it working with newer versions of MW and > also adds a bit more debug and uses public methods, rather than private > variables from HTTP::Response.
See the attached further patch which expands the existing fix to work with 1.27.5 and probably earlier.
Subject: cms-mediawiki-mw1.27.5.diff
--- CMS/MediaWiki.pm.old 2018-10-18 12:34:16.121451863 +0100 +++ CMS/MediaWiki.pm 2018-10-18 12:25:29.923678657 +0100 @@ -70,6 +70,7 @@ $tags{'wpName' } = $args{'user'} || 'Perlbot'; $tags{'wpPassword' } = $args{'pass'} || 'barfoo'; $tags{'wpLoginattempt'} = 'Log in'; + $tags{'authAction'} = 'login'; my $index_path = "/index.php"; $index_path = "/$args{'path'}/index.php" if $args{'path'}; @@ -84,9 +85,17 @@ #Debug "X $_"; if (/wpLoginToken/) { s/type=.?hidden.? *name="wpLoginToken" *value="(.+)"/$1/i; - $login_token = $1; - $tags{'wpLoginToken'} = $login_token; - Debug "[login] Got wpLoginToken" if $self->{'debug'}; + if (defined($1) && ($1 ne "")) { + $login_token = $1; + } elsif (s/name="wpLoginToken" *type=.?hidden.? *value="(.+)"/$1/i) { + #Version 1.27 (and before?) format + #<input name="wpLoginToken" type="hidden" value="817219d00c08d04384cd9069e5467cc95bc865fe+\"/> + $login_token = $1; + } + if (defined($login_token) && ($login_token ne "")) { + $tags{'wpLoginToken'} = $login_token; + Debug "[login] Got wpLoginToken ($login_token)" if $self->{'debug'}; + } } } @@ -124,6 +133,9 @@ } } + Debug "[login] Failed due to potential session hijacking" if $self->{'debug'} && ($resp->decoded_content() =~ /precaution against session hijacking/); + Debug "[login] Failed due to invalid password (try logging in manually)" if $self->{'debug'} && ($resp->decoded_content() =~ /Your password is not valid/); + Debug "[login] Failed due to incorrect username or password" if $self->{'debug'} && ($resp->decoded_content() =~ /Incorrect username or password entered/); Debug "(decoded content) =\n" . $resp->decoded_content() if $self->{'debug'} > 2; return $login_okay ? 0 : 1;
Download (untitled) / with headers
text/plain 466b
On Thu Oct 18 12:44:34 2018, PJNEWMAN wrote: Show quoted text
> On Thu Feb 21 08:36:59 2013, PJNEWMAN wrote:
> > As promised, a patch that gets it working with newer versions of MW > > and > > also adds a bit more debug and uses public methods, rather than > > private > > variables from HTTP::Response.
> > See the attached further patch which expands the existing fix to work > with 1.27.5 and probably earlier.
And another small diff for getPage. I've not tested much else yet.
Subject: cms-mediawiki-getpage-mw1.27.5.diff
--- CMS/MediaWiki.pm.old 2018-10-18 15:18:57.392883166 +0100 +++ CMS/MediaWiki.pm 2018-10-18 15:18:04.495904948 +0100 @@ -298,7 +298,9 @@ # if any of $line remains, fall thru to 'push' part. next unless ($line); - } elsif ($line =~ m#(.*)</textarea>#) { + } + # Check the rest of the line in case it consists of <textarea></textarea> on the same line + if ($line =~ m#(.*)</textarea>#) { push (@content, $line) if ($saving && $1); $saving = 0; }


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.