r40608 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r40607‎ \| r40608 \| r40609 >
Date:	13:48, 8 September 2008
Author:	demon
Status:	old
Tags:
Comment:	Self-revert 40530, 40531. Too many things still depend on $_GET and $_POST. Needs more cleanup before this can be put in place.
Modified paths:	/trunk/phase3/includes/Setup.php (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/includes/WebRequest.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -747,7 +747,7 @@
748	748	function loadDefaults( $name = false ) {
749	749	wfProfileIn( __METHOD__ );
750	750
751		~~- global $wgRequest;~~
	751	+ global $wgCookiePrefix;
752	752
753	753	$this->mId = 0;
754	754	$this->mName = $name;
—	—	@@ -757,8 +757,8 @@
758	758	$this->mEmail = '';
759	759	$this->mOptions = null; # Defer init
760	760
761		~~- if ( !is_null( $wgRequest->getCookie('LoggedOut') ) ) {~~
762		~~- $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie('LoggedOut') );~~
	761	+ if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
	762	+ $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
763	763	} else {
764	764	$this->mTouched = '0'; # Allow any pages to be cached
765	765	}
—	—	@@ -789,7 +789,7 @@
790	790	* @return \type{\bool} True if the user is logged in, false otherwise.
791	791	*/
792	792	private function loadFromSession() {
793		~~- global $wgMemc, $wgRequest;~~
	793	+ global $wgMemc, $wgCookiePrefix;
794	794
795	795	$result = null;
796	796	wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
—	—	@@ -804,8 +804,8 @@
805	805	$this->loadDefaults();
806	806	return false;
807	807	}
808		~~- } else if ( !is_null( $wgRequest->getCookie( 'UserID' ) ) ) {~~
809		~~- $sId = intval( $wgRequest->getCookie( 'UserID' ) );~~
	808	+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
	809	+ $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
810	810	$_SESSION['wsUserID'] = $sId;
811	811	} else {
812	812	$this->loadDefaults();
—	—	@@ -813,8 +813,8 @@
814	814	}
815	815	if ( isset( $_SESSION['wsUserName'] ) ) {
816	816	$sName = $_SESSION['wsUserName'];
817		~~- } else if ( !is_null( $wgRequest->getCookie( 'UserName' ) ) ) {~~
818		~~- $sName = $wgRequest->getCookie( 'UserName' );~~
	817	+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
	818	+ $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
819	819	$_SESSION['wsUserName'] = $sName;
820	820	} else {
821	821	$this->loadDefaults();
—	—	@@ -831,8 +831,8 @@
832	832	if ( isset( $_SESSION['wsToken'] ) ) {
833	833	$passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
834	834	$from = 'session';
835		~~- } else if ( !is_null( $wgRequest->getCookie( 'Token' ) ) ) {~~
836		~~- $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );~~
	835	+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
	836	+ $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
837	837	$from = 'cookie';
838	838	} else {
839	839	# No session or persistent login cookie
Index: trunk/phase3/includes/Setup.php
—	—	@@ -238,7 +238,7 @@
239	239	if( !wfIniGetBool( 'session.auto_start' ) )
240	240	session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
241	241
242		~~-if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() \|\| !is_null( $wgRequest->getCookie('Token') ) ) ) {~~
	242	+if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() \|\| isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) {
243	243	wfIncrStats( 'request_with_session' );
244	244	wfSetupSession();
245	245	$wgSessionStarted = true;
Index: trunk/phase3/includes/WebRequest.php
—	—	@@ -46,18 +46,16 @@
47	47	var $data = array();
48	48	var $headers;
49	49	private $_response;
50		~~- private $cookies = array();~~
51	50
52	51	function __construct() {
	52	+ /// @fixme This preemptive de-quoting can interfere with other web libraries
	53	+ /// and increases our memory footprint. It would be cleaner to do on
	54	+ /// demand; but currently we have no wrapper for $_SERVER etc.
	55	+ $this->checkMagicQuotes();
	56	+
53	57	// POST overrides GET data
54	58	// We don't use $_REQUEST here to avoid interference from cookies...
55	59	$this->data = wfArrayMerge( $_GET, $_POST );
56		~~- $this->cookies = $_COOKIE;~~
57		-
58		~~- /// @fixme This preemptive de-quoting increases our memory footprint.~~
59		~~- /// It would be cleaner to do on demand; but currently we have no~~
60		~~- /// wrapper for $_SERVER etc.~~
61		~~- $this->checkMagicQuotes();~~
62	60	}
63	61
64	62	/**
—	—	@@ -185,9 +183,10 @@
186	184	*/
187	185	function checkMagicQuotes() {
188	186	if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
189		~~- $this->fix_magic_quotes( $this->cookies );~~
	187	+ $this->fix_magic_quotes( $_COOKIE );
190	188	$this->fix_magic_quotes( $_ENV );
191		~~- $this->fix_magic_quotes( $this->data );~~
	189	+ $this->fix_magic_quotes( $_GET );
	190	+ $this->fix_magic_quotes( $_POST );
192	191	$this->fix_magic_quotes( $_REQUEST );
193	192	$this->fix_magic_quotes( $_SERVER );
194	193	}
—	—	@@ -400,23 +399,6 @@
401	400	}
402	401
403	402	/**
404		~~- * Get a cookie that has been sent through fix_magic_quotes().~~
405		~~- * $wgCookiePrefix added before requesting, so no need to do~~
406		~~- * it yourself.~~
407		- *
408		~~- * @param string $key Key of the cookie name~~
409		~~- * @param bool $addPrefix Whether to append $wgCookiePrefix (ie: most of the time)~~
410		~~- * @return mixed (value or null if not found)~~
411		~~- */~~
412		~~- function getCookie( $key, $addPrefix = true ) {~~
413		~~- if ( $addPrefix ) {~~
414		~~- global $wgCookiePrefix;~~
415		~~- $key = $wgCookiePrefix . $key;~~
416		~~- }~~
417		~~- return isset( $this->cookies[$key] ) ? $this->cookies[$key] : null;~~
418		~~- }~~
419		-
420		- /**
421	403	* Returns true if there is a session cookie set.
422	404	* This does not necessarily mean that the user is logged in!
423	405	*
—	—	@@ -428,7 +410,7 @@
429	411	* @return bool
430	412	*/
431	413	function checkSessionCookie() {
432		~~- return !is_null( $this->getCookie( session_name(), false ) );~~
	414	+ return isset( $_COOKIE[session_name()] );
433	415	}
434	416
435	417	/**
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -742,7 +742,7 @@
743	743	*/
744	744	function mainLoginForm( $msg, $msgtype = 'error' ) {
745	745	global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail;
746		~~- global $wgRequest, $wgAuth, $wgLoginLanguageSelector;~~
	746	+ global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector;
747	747	global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
748	748
749	749	$titleObj = SpecialPage::getTitleFor( 'Userlogin' );
—	—	@@ -767,7 +767,7 @@
768	768	if ( $wgUser->isLoggedIn() ) {
769	769	$this->mName = $wgUser->getName();
770	770	} else {
771		~~- $this->mName = $wgRequest->getCookie('UserName');~~
	771	+ $this->mName = isset( $_COOKIE[$wgCookiePrefix.'UserName'] ) ? $_COOKIE[$wgCookiePrefix.'UserName'] : null;
772	772	}
773	773	}
774	774

Status & tagging log

15:31, 12 September 2011 Meno25 (talk | contribs) changed the status of r40608 [removed: deferred added: old]
13:41, 1 October 2010 😂 (talk | contribs) changed the status of r40608 [removed: new added: deferred]