From 8e02f6abe99af691753091923c5fdbc05105ed73 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Sat, 9 Mar 2013 04:38:02 -0400 Subject: [PATCH] createaccount api action didn't handle no token and no cookie If you made a request to action=createaccount and this was the first time (so no account creation token had yet been generated for you) a "nocookiesfornew" error was returned. This is incorrect, what is supposed to happen in that case is the api returns what token to use. This is how users are supposed to request tokens, so the issue is very confusing. No release notes since this module was introduced in this version. Also removed sessionfailure from possible errors, as it isn't one (that status triggers the needtoken result). Change-Id: Ibfc3879fa89b1e11303aef65feb45a91afc215e6 --- includes/api/ApiCreateAccount.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/includes/api/ApiCreateAccount.php b/includes/api/ApiCreateAccount.php index 7a36ce855a..3f059d6f60 100644 --- a/includes/api/ApiCreateAccount.php +++ b/includes/api/ApiCreateAccount.php @@ -108,8 +108,10 @@ class ApiCreateAccount extends ApiBase { $apiResult = $this->getResult(); - if( $status->hasMessage( 'sessionfailure' ) ) { - // Token was incorrect, so add it to result, but don't throw an exception. + if( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) { + // Token was incorrect, so add it to result, but don't throw an exception + // since not having the correct token is part of the normal + // flow of events. $result['token'] = LoginForm::getCreateaccountToken(); $result['result'] = 'needtoken'; } elseif( !$status->isOK() ) { @@ -230,7 +232,6 @@ class ApiCreateAccount extends ApiBase { public function getPossibleErrors() { $localErrors = array( 'wrongpassword', - 'sessionfailure', 'sorbs_create_account_reason', 'noname', 'userexists', -- 2.20.1