r102949 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r102948‎ | r102949 | r102950 >
Date:08:40, 14 November 2011
Author:catrope
Status:reverted (Comments)
Tags:
Comment:
Followup r101149: make FauxRequest::__construct() use $_SESSION if the session parameter isn't given
Modified paths:
  • /trunk/phase3/includes/WebRequest.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/WebRequest.php
@@ -1179,7 +1179,7 @@
11801180 * @param $data Array of *non*-urlencoded key => value pairs, the
11811181 * fake GET/POST values
11821182 * @param $wasPosted Bool: whether to treat the data as POST
1183 - * @param $session Mixed: session array or null
 1183+ * @param $session Mixed: session array or null. If null, $_SESSION will be used
11841184 */
11851185 public function __construct( $data, $wasPosted = false, $session = null ) {
11861186 if( is_array( $data ) ) {
@@ -1188,8 +1188,11 @@
11891189 throw new MWException( "FauxRequest() got bogus data" );
11901190 }
11911191 $this->wasPosted = $wasPosted;
1192 - if( $session )
 1192+ if( $session ) {
11931193 $this->session = $session;
 1194+ } else {
 1195+ $this->session = $_SESSION;
 1196+ }
11941197 }
11951198
11961199 /**

Follow-up revisions

RevisionCommit summaryAuthorDate
r102955Revert r102949. Broke tests (undefined variable $_SESSION because session_sta...catrope09:23, 14 November 2011

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r101149fixed bug 31613 (API UsageException when saving a collection to a page)ckepper16:39, 28 October 2011

Comments

#Comment by Nikerabbit (talk | contribs)   09:13, 14 November 2011

Is there a chance of current context accidentally leaking to places where it shouldn't? Like executing some actions as an another user?

#Comment by Catrope (talk | contribs)   09:19, 14 November 2011

I don't believe so, since such bugs would have to already exist (except the 'other user' would be an anon, since the session was empty before this rev).

Status & tagging log