r40530 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r40529‎ \| r40530 \| r40531 >
Date:	12:38, 6 September 2008
Author:	demon
Status:	old
Tags:
Comment:	* Add getCookie() method to WebRequest as a wrapper for $_COOKIE. Updated all instances of $_COOKIE to use this. * Switch from running fix_magic_quotes() on $_COOKIE and $_GET/$_POST to running it on $this->cookies and $this->data. Should keep us from interfering with other programs that might do the same (and/or trying to start up a second WebRequest object). This partially fixes bug 11558. * Todo: Do similar things with $_SERVER/$_ENV and switch to a lazy-load style, rather than on every new WebRequest.
Modified paths:	/trunk/phase3/includes/Setup.php (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/includes/WebRequest.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -747,7 +747,7 @@
748	748	function loadDefaults( $name = false ) {
749	749	wfProfileIn( __METHOD__ );
750	750
751		~~- global $wgCookiePrefix;~~
	751	+ global $wgRequest;
752	752
753	753	$this->mId = 0;
754	754	$this->mName = $name;
—	—	@@ -757,8 +757,8 @@
758	758	$this->mEmail = '';
759	759	$this->mOptions = null; # Defer init
760	760
761		~~- if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {~~
762		~~- $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );~~
	761	+ if ( !is_null( $wgRequest->getCookie('LoggedOut') ) ) {
	762	+ $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie('LoggedOut') );
763	763	} else {
764	764	$this->mTouched = '0'; # Allow any pages to be cached
765	765	}
—	—	@@ -789,7 +789,7 @@
790	790	* @return \type{\bool} True if the user is logged in, false otherwise.
791	791	*/
792	792	private function loadFromSession() {
793		~~- global $wgMemc, $wgCookiePrefix;~~
	793	+ global $wgMemc, $wgRequest;
794	794
795	795	$result = null;
796	796	wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
—	—	@@ -804,8 +804,8 @@
805	805	$this->loadDefaults();
806	806	return false;
807	807	}
808		~~- } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {~~
809		~~- $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );~~
	808	+ } else if ( !is_null( $wgRequest->getCookie( 'UserID' ) ) ) {
	809	+ $sId = intval( $wgRequest->getCookie( 'UserID' ) );
810	810	$_SESSION['wsUserID'] = $sId;
811	811	} else {
812	812	$this->loadDefaults();
—	—	@@ -813,8 +813,8 @@
814	814	}
815	815	if ( isset( $_SESSION['wsUserName'] ) ) {
816	816	$sName = $_SESSION['wsUserName'];
817		~~- } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {~~
818		~~- $sName = $_COOKIE["{$wgCookiePrefix}UserName"];~~
	817	+ } else if ( !is_null( $wgRequest->getCookie( 'UserName' ) ) ) {
	818	+ $sName = $wgRequest->getCookie( 'UserName' );
819	819	$_SESSION['wsUserName'] = $sName;
820	820	} else {
821	821	$this->loadDefaults();
—	—	@@ -831,8 +831,8 @@
832	832	if ( isset( $_SESSION['wsToken'] ) ) {
833	833	$passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
834	834	$from = 'session';
835		~~- } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {~~
836		~~- $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];~~
	835	+ } else if ( !is_null( $wgRequest->getCookie( 'Token' ) ) ) {
	836	+ $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
837	837	$from = 'cookie';
838	838	} else {
839	839	# No session or persistent login cookie
Index: trunk/phase3/includes/Setup.php
—	—	@@ -238,7 +238,7 @@
239	239	if( !wfIniGetBool( 'session.auto_start' ) )
240	240	session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
241	241
242		~~-if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() \|\| isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) {~~
	242	+if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() \|\| !is_null( $wgRequest->getCookie('Token') ) ) ) {
243	243	wfIncrStats( 'request_with_session' );
244	244	wfSetupSession();
245	245	$wgSessionStarted = true;
Index: trunk/phase3/includes/WebRequest.php
—	—	@@ -46,16 +46,18 @@
47	47	var $data = array();
48	48	var $headers;
49	49	private $_response;
	50	+ private $cookies = array();
50	51
51	52	function __construct() {
52		~~- /// @fixme This preemptive de-quoting can interfere with other web libraries~~
53		~~- /// and increases our memory footprint. It would be cleaner to do on~~
54		~~- /// demand; but currently we have no wrapper for $_SERVER etc.~~
55		~~- $this->checkMagicQuotes();~~
56		-
57	53	// POST overrides GET data
58	54	// We don't use $_REQUEST here to avoid interference from cookies...
59	55	$this->data = wfArrayMerge( $_GET, $_POST );
	56	+ $this->cookies = $_COOKIE;
	57	+
	58	+ /// @fixme This preemptive de-quoting increases our memory footprint.
	59	+ /// It would be cleaner to do on demand; but currently we have no
	60	+ /// wrapper for $_SERVER etc.
	61	+ $this->checkMagicQuotes();
60	62	}
61	63
62	64	/**
—	—	@@ -183,10 +185,9 @@
184	186	*/
185	187	function checkMagicQuotes() {
186	188	if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
187		~~- $this->fix_magic_quotes( $_COOKIE );~~
	189	+ $this->fix_magic_quotes( $this->cookies );
188	190	$this->fix_magic_quotes( $_ENV );
189		~~- $this->fix_magic_quotes( $_GET );~~
190		~~- $this->fix_magic_quotes( $_POST );~~
	191	+ $this->fix_magic_quotes( $this->data );
191	192	$this->fix_magic_quotes( $_REQUEST );
192	193	$this->fix_magic_quotes( $_SERVER );
193	194	}
—	—	@@ -399,6 +400,23 @@
400	401	}
401	402
402	403	/**
	404	+ * Get a cookie that has been sent through fix_magic_quotes().
	405	+ * $wgCookiePrefix added before requesting, so no need to do
	406	+ * it yourself.
	407	+ *
	408	+ * @param string $key Key of the cookie name
	409	+ * @param bool $addPrefix Whether to append $wgCookiePrefix (ie: most of the time)
	410	+ * @return mixed (value or null if not found)
	411	+ */
	412	+ function getCookie( $key, $addPrefix = true ) {
	413	+ if ( $addPrefix ) {
	414	+ global $wgCookiePrefix;
	415	+ $key = $wgCookiePrefix . $key;
	416	+ }
	417	+ return isset( $this->cookies[$key] ) ? $this->cookies[$key] : null;
	418	+ }
	419	+
	420	+ /**
403	421	* Returns true if there is a session cookie set.
404	422	* This does not necessarily mean that the user is logged in!
405	423	*
—	—	@@ -410,7 +428,7 @@
411	429	* @return bool
412	430	*/
413	431	function checkSessionCookie() {
414		~~- return isset( $_COOKIE[session_name()] );~~
	432	+ return !is_null( $this->getCookie( session_name(), false ) );
415	433	}
416	434
417	435	/**
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -742,7 +742,7 @@
743	743	*/
744	744	function mainLoginForm( $msg, $msgtype = 'error' ) {
745	745	global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail;
746		~~- global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector;~~
	746	+ global $wgRequest, $wgAuth, $wgLoginLanguageSelector;
747	747	global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
748	748
749	749	$titleObj = SpecialPage::getTitleFor( 'Userlogin' );
—	—	@@ -767,7 +767,7 @@
768	768	if ( $wgUser->isLoggedIn() ) {
769	769	$this->mName = $wgUser->getName();
770	770	} else {
771		~~- $this->mName = isset( $_COOKIE[$wgCookiePrefix.'UserName'] ) ? $_COOKIE[$wgCookiePrefix.'UserName'] : null;~~
	771	+ $this->mName = isset( $wgRequest->getCookie('UserName') ) ? $wgRequest->getCookie('UserName') : null;
772	772	}
773	773	}
774	774

Status & tagging log

15:31, 12 September 2011 Meno25 (talk | contribs) changed the status of r40530 [removed: deferred added: old]
13:41, 1 October 2010 😂 (talk | contribs) changed the status of r40530 [removed: new added: deferred]