r82686 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r82685‎ \| r82686 \| r82687 >
Date:	17:54, 23 February 2011
Author:	ialex
Status:	resolved (Comments)
Tags:
Comment:	Use $wgRequest to get and set session items instead of $_SESSION (as for cookies)
Modified paths:	/trunk/phase3/includes/User.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -873,32 +873,30 @@
874	874	}
875	875	}
876	876
877		~~- if ( $wgRequest->getCookie( 'UserID' ) !== null ) {~~
878		~~- $sId = intval( $wgRequest->getCookie( 'UserID' ) );~~
879		~~- if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {~~
	877	+ $cookieId = $wgRequest->getCookie( 'UserID' );
	878	+ $sessId = $wgRequest->getSessionData( 'wsUserID' );
	879	+
	880	+ if ( $cookieId !== null ) {
	881	+ $sId = intval( $cookieId );
	882	+ if( $sessId !== null && $cookieId != $sessId ) {
880	883	$this->loadDefaults(); // Possible collision!
881		~~- wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and~~
	884	+ wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
882	885	cookie user ID ($sId) don't match!" );
883	886	return false;
884	887	}
885		~~- $_SESSION['wsUserID'] = $sId;~~
886		~~- } else if ( isset( $_SESSION['wsUserID'] ) ) {~~
887		~~- if ( $_SESSION['wsUserID'] != 0 ) {~~
888		~~- $sId = $_SESSION['wsUserID'];~~
889		~~- } else {~~
890		~~- $this->loadDefaults();~~
891		~~- return false;~~
892		~~- }~~
	888	+ $wgRequest->setSessionData( 'wsUserID', $sId );
	889	+ } else if ( $sessId !== null && $sessId != 0 ) {
	890	+ $sId = $sessId;
893	891	} else {
894	892	$this->loadDefaults();
895	893	return false;
896	894	}
897	895
898		~~- if ( isset( $_SESSION['wsUserName'] ) ) {~~
899		~~- $sName = $_SESSION['wsUserName'];~~
900		~~- } else if ( $wgRequest->getCookie('UserName') !== null ) {~~
901		~~- $sName = $wgRequest->getCookie('UserName');~~
902		~~- $_SESSION['wsUserName'] = $sName;~~
	896	+ if ( $wgRequest->getSessionData( 'wsUserName' ) !== null ) {
	897	+ $sName = $wgRequest->getSessionData( 'wsUserName' );
	898	+ } else if ( $wgRequest->getCookie( 'UserName' ) !== null ) {
	899	+ $sName = $wgRequest->getCookie( 'UserName' );
	900	+ $wgRequest->setSessionData( 'wsUserName', $sName );
903	901	} else {
904	902	$this->loadDefaults();
905	903	return false;
—	—	@@ -917,8 +915,8 @@
918	916	return false;
919	917	}
920	918
921		~~- if ( isset( $_SESSION['wsToken'] ) ) {~~
922		~~- $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;~~
	919	+ if ( $wgRequest->getSessionData( 'wsToken' ) !== null ) {
	920	+ $passwordCorrect = $this->mToken == $wgRequest->getSessionData( 'wsToken' );
923	921	$from = 'session';
924	922	} else if ( $wgRequest->getCookie( 'Token' ) !== null ) {
925	923	$passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
—	—	@@ -930,7 +928,7 @@
931	929	}
932	930
933	931	if ( ( $sName == $this->mName ) && $passwordCorrect ) {
934		~~- $_SESSION['wsToken'] = $this->mToken;~~
	932	+ $wgRequest->setSessionData( 'wsToken', $this->mToken );
935	933	wfDebug( "User: logged in from $from\n" );
936	934	return true;
937	935	} else {
—	—	@@ -2453,6 +2451,8 @@
2454	2452	* Set the default cookies for this session on the user's client.
2455	2453	*/
2456	2454	function setCookies() {
	2455	+ global $wgRequest;
	2456	+
2457	2457	$this->load();
2458	2458	if ( 0 == $this->mId ) return;
2459	2459	$session = array(
—	—	@@ -2471,9 +2471,9 @@
2472	2472	}
2473	2473
2474	2474	wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2475		~~- #check for null, since the hook could cause a null value~~
2476		~~- if ( !is_null( $session ) && isset( $_SESSION ) ){~~
2477		~~- $_SESSION = $session + $_SESSION;~~
	2475	+
	2476	+ foreach ( $session as $name => $value ) {
	2477	+ $wgRequest->setSessionData( $name, $value );
2478	2478	}
2479	2479	foreach ( $cookies as $name => $value ) {
2480	2480	if ( $value === false ) {
—	—	@@ -2499,9 +2499,11 @@
2500	2500	* @see logout()
2501	2501	*/
2502	2502	function doLogout() {
	2503	+ global $wgRequest;
	2504	+
2503	2505	$this->clearInstanceCache( 'defaults' );
2504	2506
2505		~~- $_SESSION['wsUserID'] = 0;~~
	2507	+ $wgRequest->setSessionData( 'wsUserID', 0 );
2506	2508
2507	2509	$this->clearCookie( 'UserID' );
2508	2510	$this->clearCookie( 'Token' );
—	—	@@ -2856,14 +2858,15 @@
2857	2859	* @return String The new edit token
2858	2860	*/
2859	2861	function editToken( $salt = '' ) {
	2862	+ global $wgRequest;
	2863	+
2860	2864	if ( $this->isAnon() ) {
2861	2865	return EDIT_TOKEN_SUFFIX;
2862	2866	} else {
2863		~~- if( !isset( $_SESSION['wsEditToken'] ) ) {~~
	2867	+ $token = $wgRequest->getSessionData( 'wsEditToken' );
	2868	+ if ( $token === null ) {
2864	2869	$token = self::generateToken();
2865		~~- $_SESSION['wsEditToken'] = $token;~~
2866		~~- } else {~~
2867		~~- $token = $_SESSION['wsEditToken'];~~
	2870	+ $wgRequest->setSessionData( 'wsEditToken', $token );
2868	2871	}
2869	2872	if( is_array( $salt ) ) {
2870	2873	$salt = implode( '\|', $salt );

Follow-up revisions

Revision	Commit summary	Author	Date
r83080	Per Platonides, fix for r82686: make ApiUploadTest work again...	ialex	12:52, 2 March 2011
r84007	Fix bug 27887, caused by r82686: inject session data into FauxRequest s used ...	werdna	11:38, 15 March 2011

Comments

#Comment by Platonides (talk | contribs) 21:38, 1 March 2011

Breaks tests:

ApiUploadTest::testUploadMissingParams
ApiUploadTest::testUploadZeroLength

#Comment by IAlex (talk | contribs) 13:04, 2 March 2011

Fixed in r83080.

#Comment by Siebrand (talk | contribs) 10:32, 14 March 2011

According to Tim in comment 5 of bug 27887, this causes a serious issue in LiquidThreads we severely suffer from at translatewiki.net.

Status & tagging log

16:19, 19 August 2011 Reedy (talk | contribs) changed the status of r82686 [removed: new added: resolved]
05:27, 16 August 2011 IAlex (talk | contribs) changed the status of r82686 [removed: fixme added: new]
21:38, 1 March 2011 Platonides (talk | contribs) changed the status of r82686 [removed: new added: fixme]