From 8dca366e1135877b86cfacabf0ccb1bb4cd507ab Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Tue, 23 Feb 2016 17:05:15 -0500
Subject: [PATCH] User::isSafeToLoad() should return false if MW_NO_SESSION

Because it's never safe.

Bug: T127233
Change-Id: Ieb5824f1668dc38d1be7c7cbf799da17e581c555
---
 includes/user/User.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/includes/user/User.php b/includes/user/User.php
index eb3853a45d..74855911dc 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -315,9 +315,12 @@ class User implements IDBAccessObject {
 	}
 
 	/**
-	 * Test if it's safe to load this User object. You should typically check this before using
-	 * $wgUser or RequestContext::getUser in a method that might be called before the system has
-	 * been fully initialized. If the object is unsafe, you should use an anonymous user:
+	 * Test if it's safe to load this User object.
+	 *
+	 * You should typically check this before using $wgUser or
+	 * RequestContext::getUser in a method that might be called before the
+	 * system has been fully initialized. If the object is unsafe, you should
+	 * use an anonymous user:
 	 * \code
 	 * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
 	 * \endcode
@@ -327,7 +330,14 @@ class User implements IDBAccessObject {
 	 */
 	public function isSafeToLoad() {
 		global $wgFullyInitialised;
-		return $wgFullyInitialised || $this->mLoadedItems === true || $this->mFrom !== 'session';
+
+		// The user is safe to load if:
+		// * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
+		// * mLoadedItems === true (already loaded)
+		// * mFrom !== 'session' (sessions not involved at all)
+
+		return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
+			$this->mLoadedItems === true || $this->mFrom !== 'session';
 	}
 
 	/**
-- 
2.20.1