From: Tyler Anthony Romeo <tylerromeo@gmail.com>
Date: Mon, 27 Aug 2012 02:28:48 +0000 (-0400)
Subject: (bug 39674) Fixed loading User from session when hook aborts.
X-Git-Tag: 1.31.0-rc.0~22242
X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=60c596812bab018df098c574bc17a3e070106b6b;p=lhc%2Fweb%2Fwiklou.git

(bug 39674) Fixed loading User from session when hook aborts.

Rather than have separate calls to User::loadDefaults()
every time User::loadFromSession() fails, there is now just
one call in User::load() if loadFromSession() returns false.
This fixes the case where a UserLoadFromSession hook aborts
loading from session, leaving the User object uninitialized.

Change-Id: I8d1a114d7ec361b27b260791f742c473a1497f26
Signed-off-by: Tyler Anthony Romeo <tylerromeo@gmail.com>
---

diff --git a/includes/User.php b/includes/User.php
index 0a3db4c07c..d8a7f52dbb 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -286,7 +286,10 @@ class User {
 				$this->loadFromId();
 				break;
 			case 'session':
-				$this->loadFromSession();
+				if( !$this->loadFromSession() ) {
+					// Loading from session failed. Load defaults.
+					$this->loadDefaults();
+				}
 				wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
 				break;
 			default:
@@ -933,8 +936,7 @@ class User {
 	}
 
 	/**
-	 * Load user data from the session or login cookie. If there are no valid
-	 * credentials, initialises the user as an anonymous user.
+	 * Load user data from the session or login cookie.
 	 * @return Bool True if the user is logged in, false otherwise.
 	 */
 	private function loadFromSession() {
@@ -962,7 +964,6 @@ class User {
 		if ( $cookieId !== null ) {
 			$sId = intval( $cookieId );
 			if( $sessId !== null && $cookieId != $sessId ) {
-				$this->loadDefaults(); // Possible collision!
 				wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
 					cookie user ID ($sId) don't match!" );
 				return false;
@@ -971,7 +972,6 @@ class User {
 		} elseif ( $sessId !== null && $sessId != 0 ) {
 			$sId = $sessId;
 		} else {
-			$this->loadDefaults();
 			return false;
 		}
 
@@ -981,21 +981,18 @@ class User {
 			$sName = $request->getCookie( 'UserName' );
 			$request->setSessionData( 'wsUserName', $sName );
 		} else {
-			$this->loadDefaults();
 			return false;
 		}
 
 		$proposedUser = User::newFromId( $sId );
 		if ( !$proposedUser->isLoggedIn() ) {
 			# Not a valid ID
-			$this->loadDefaults();
 			return false;
 		}
 
 		global $wgBlockDisablesLogin;
 		if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
 			# User blocked and we've disabled blocked user logins
-			$this->loadDefaults();
 			return false;
 		}
 
@@ -1007,7 +1004,6 @@ class User {
 			$from = 'cookie';
 		} else {
 			# No session or persistent login cookie
-			$this->loadDefaults();
 			return false;
 		}
 
@@ -1019,7 +1015,6 @@ class User {
 		} else {
 			# Invalid credentials
 			wfDebug( "User: can't log in from $from, invalid credentials\n" );
-			$this->loadDefaults();
 			return false;
 		}
 	}