Added optional request parameter to User::editToken() and User::matchEditToken() and use them where possible from the API.
Also removed $_SESSION usage since it's no longer needed.
* submission.
*
* @param $salt String|Array of Strings Optional function-specific data for hashing
+ * @param $request WebRequest object to use or null to use $wgRequest
* @return String The new edit token
*/
- function editToken( $salt = '' ) {
- global $wgRequest;
+ function editToken( $salt = '', $request = null ) {
+ if ( $request == null ) {
+ global $wgRequest;
+ $request = $wgRequest;
+ }
if ( $this->isAnon() ) {
return EDIT_TOKEN_SUFFIX;
} else {
- $token = $wgRequest->getSessionData( 'wsEditToken' );
+ $token = $request->getSessionData( 'wsEditToken' );
if ( $token === null ) {
$token = self::generateToken();
- $wgRequest->setSessionData( 'wsEditToken', $token );
+ $request->setSessionData( 'wsEditToken', $token );
}
if( is_array( $salt ) ) {
$salt = implode( '|', $salt );
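Review bot: The new `if ( $request == null )` guard uses a loose comparison; `if ( $request === null )` states the intent exactly and matches the `$token === null` check a few lines below. The `@param $request` line should also say that the token is read from, and when missing written to, that request's session data, so a token issued through one request only validates against a request backed by the same session. The body of editToken() continues past the end of this hunk.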
*
* @param $val String Input value to compare
* @param $salt String Optional function-specific data for hashing
+ * @param $request WebRequest object to use or null to use $wgRequest
* @return Boolean: Whether the token matches
*/
- function matchEditToken( $val, $salt = '' ) {
- $sessionToken = $this->editToken( $salt );
+ function matchEditToken( $val, $salt = '', $request = null ) {
+ $sessionToken = $this->editToken( $salt, $request );
if ( $val != $sessionToken ) {
wfDebug( "User::matchEditToken: broken session data\n" );
}
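Review bot: Token comparison here is loose: `$val != $sessionToken` gates the debug line (the return statement is outside this hunk and presumably compares the same way), and matchEditTokenNoSuffix() in the next hunk returns `substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 )`. PHP compares two numeric-looking strings by value rather than byte for byte, so strict `!==` / `===` is the safer form for a security token. Where the supported PHP version provides it, `hash_equals()` also makes the check constant-time.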
* @param $salt String Optional function-specific data for hashing
* @return Boolean: Whether the token matches
*/
- function matchEditTokenNoSuffix( $val, $salt = '' ) {
+ function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
$sessionToken = $this->editToken( $salt );
return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
}
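Review bot: The new `$request` parameter of matchEditTokenNoSuffix() is never used, because the body still calls `$this->editToken( $salt )` and so always falls back to `$wgRequest`. Pass it through as `$sessionToken = $this->editToken( $salt, $request );`, otherwise a caller supplying its own request is validated against the token of a different session. The docblock also lacks the `@param $request WebRequest object to use or null to use $wgRequest` line that the other two methods gained.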
$this->session[$key] = $data;
}
+ public function getSessionArray() {
+ return $this->session;
+ }
+
public function isPathInfoBad() {
return false;
}
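Review bot: getSessionArray() is added without a docblock, although the other methods touched by this commit have their docblocks updated. Something like `/** @return Array|null The session data held by this request object */` would do. Whether `$this->session` can be null is not visible in this hunk, so confirm the return type before writing it down.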
$params = $this->extractRequestParams();
if ( $params['gettoken'] ) {
- $res['blocktoken'] = $wgUser->editToken();
+ $res['blocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
$this->getResult()->addValue( null, $this->getModuleName(), $res );
return;
}
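Review bot: No `callback` (JSONP) guard is visible before `$res['blocktoken'] = $wgUser->editToken( ... )` in the `gettoken` branch, whereas the preferencestoken hunk only issues its token when `getVal( 'callback' )` is null. If no equivalent guard runs earlier in the request, the token could be readable cross-site. Confirm that this path, the undelete-token hunk and the unblocktoken hunk are covered, or add the same `is_null( $this->getMain()->getRequest()->getVal( 'callback' ) )` condition. The surrounding method starts and ends outside the hunk.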
$this->dieUsageMsg( array( 'missingparam', 'token' ) );
} else {
global $wgUser;
- if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) {
+ if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt, $this->getMain()->getRequest() ) ) {
$this->dieUsageMsg( array( 'sessionfailure' ) );
}
}
if ( $fld_token ) {
// Undelete tokens are identical for all pages, so we cache one here
- $token = $wgUser->editToken();
+ $token = $wgUser->editToken( '', $this->getMain()->getRequest() );
}
// We need a custom WHERE clause that matches all titles.
if ( isset( $this->prop['preferencestoken'] ) &&
is_null( $this->getMain()->getRequest()->getVal( 'callback' ) )
) {
- $vals['preferencestoken'] = $wgUser->editToken();
+ $vals['preferencestoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
}
if ( isset( $this->prop['editcount'] ) ) {
$params = $this->extractRequestParams();
if ( $params['gettoken'] ) {
- $res['unblocktoken'] = $wgUser->editToken();
+ $res['unblocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
$this->getResult()->addValue( null, $this->getModuleName(), $res );
return;
}
}
protected function doApiRequest( $params, $session = null, $appendModule = false ) {
- $_SESSION = isset( $session ) ? $session : array();
+ if ( is_null( $session ) ) {
+ $session = array();
+ }
- $request = new FauxRequest( $params, true, $_SESSION );
+ $request = new FauxRequest( $params, true, $session );
$module = new ApiMain( $request, true );
$module->execute();
- return array( $module->getResultData(), $request, $_SESSION );
+ return array( $module->getResultData(), $request, $request->getSessionArray() );
}
/**
'lgname' => $user->username,
'lgpassword' => $user->password
);
- list( $result, , ) = $this->doApiRequest( $params );
+ list( $result, , $session ) = $this->doApiRequest( $params );
$this->assertArrayHasKey( "login", $result );
$this->assertArrayHasKey( "result", $result['login'] );
$this->assertEquals( "NeedToken", $result['login']['result'] );
'lgname' => $user->username,
'lgpassword' => $user->password
);
- list( $result, , $session ) = $this->doApiRequest( $params );
+ list( $result, , $session ) = $this->doApiRequest( $params, $session );
$this->assertArrayHasKey( "login", $result );
$this->assertArrayHasKey( "result", $result['login'] );
$this->assertEquals( "Success", $result['login']['result'] );