namespace MediaWiki\Block;
use DateTime;
+use DateTimeZone;
use DeferredUpdates;
use IP;
use MediaWiki\Config\ServiceOptions;
/**
* Try to load a block from an ID given in a cookie value. If the block is invalid
- * or doesn't exist, remove the cookie.
+ * doesn't exist, or the cookie value is malformed, remove the cookie.
*
* @param UserIdentity $user
* @param WebRequest $request
UserIdentity $user,
WebRequest $request
) {
- $blockCookieId = $this->getIdFromCookieValue( $request->getCookie( 'BlockID' ) );
+ $cookieValue = $request->getCookie( 'BlockID' );
+ if ( is_null( $cookieValue ) ) {
+ return false;
+ }
- if ( $blockCookieId !== null ) {
+ $blockCookieId = $this->getIdFromCookieValue( $cookieValue );
+ if ( !is_null( $blockCookieId ) ) {
// TODO: remove dependency on DatabaseBlock
$block = DatabaseBlock::newFromID( $blockCookieId );
if (
) {
return $block;
}
- $this->clearBlockCookie( $request->response() );
}
+ $this->clearBlockCookie( $request->response() );
+
return false;
}
}
// Set the cookie. Reformat the MediaWiki datetime as a Unix timestamp for the cookie.
- $expiryValue = DateTime::createFromFormat( 'YmdHis', $expiryTime )->format( 'U' );
+ $expiryValue = DateTime::createFromFormat(
+ 'YmdHis',
+ $expiryTime,
+ new DateTimeZone( 'UTC' )
+ )->format( 'U' );
$cookieOptions = [ 'httpOnly' => false ];
$cookieValue = $this->getCookieValue( $block );
$response->setCookie( 'BlockID', $cookieValue, $expiryValue, $cookieOptions );