r42040 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r42040
Date: 18:41, 13 October 2008
Author: aaron
Status: old
Tags:
Comment:
(bug 6464) Check for session id collisions by checking cookie user ID against session user ID
Modified paths:
  • /trunk/phase3/includes/User.php (modified)

Diff

Index: trunk/phase3/includes/User.php
@@ -800,31 +800,25 @@
801801 return $result;
802802 }
803803
804 - if ( isset( $_SESSION['wsUserID'] ) ) {
805 - if ( 0 != $_SESSION['wsUserID'] ) {
 804+ if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
 805+ $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
 806+ if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
 807+ $this->loadDefaults(); // Possible collision!
 808+ return false;
 809+ }
 810+ $_SESSION['wsUserID'] = $sId;
 811+ } else if ( isset( $_SESSION['wsUserID'] ) ) {
 812+ if ( $_SESSION['wsUserID'] != 0 ) {
806813 $sId = $_SESSION['wsUserID'];
807814 } else {
808815 $this->loadDefaults();
809816 return false;
810817 }
811 - } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
812 - $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
813 - $_SESSION['wsUserID'] = $sId;
814818 } else {
815819 $this->loadDefaults();
816820 return false;
817821 }
818 - /*
819 - if ( isset( $_SESSION['wsUserName'] ) && isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
820 - // Cookie and session username should match
821 - if( $_SESSION['wsUserName'] == $_COOKIE["{$wgCookiePrefix}UserName"] ) {
822 - $sName = $_SESSION['wsUserName'];
823 - } else {
824 - $this->loadDefaults();
825 - return false;
826 - }
827 - }
828 - */
 822+
829823 if ( isset( $_SESSION['wsUserName'] ) ) {
830824 $sName = $_SESSION['wsUserName'];
831825 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
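Review bot: the cookie branch at the top of the hunk (new lines 804-810) has no zero check, while the session branch it now sits in front of keeps one (`if ( $_SESSION['wsUserID'] != 0 )`). A `UserID` cookie of `0`, or any non-numeric value, becomes `$sId = 0` through `intval()`; if `$_SESSION['wsUserID']` is not yet set, the collision comparison is skipped, `0` is written into the session, and execution continues past the block with `$sId = 0` instead of calling `loadDefaults()` and returning false. The old cookie branch had the same gap, but it was only reached when the session held nothing; now it is the path taken whenever the cookie is present. Suggest bailing out there as well, before the collision test:
`if ( $sId == 0 ) { $this->loadDefaults(); return false; }`
The collision check itself looks right as far as the hunk shows: a client-supplied cookie that disagrees with an existing session value only ever aborts, and the assignment on line 810 can never replace a differing session ID. Minor style point: `if( isset(` on line 806 uses different spacing from the `if ( ` form used everywhere else in the hunk.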

Follow-up revisions

Revision | Commit summary                 | Author | Date
r42045   | Add debug log item for r42040  | aaron  | 19:13, 13 October 2008

Comments

Comment by Brion VIBBER, 19:04, 13 October 2008

Not 100% sure this'll help, but it shouldn't hurt.

Consider adding a debug log line for the abort case.

Comment by Voice of All, 19:14, 13 October 2008

Done in r42045
