* Set the 'BlockID' cookie to this block's ID and expiry time. The cookie's expiry will be
* the same as the block's, to a maximum of 24 hours.
*
- * An empty value can also be set, in order to retain the cookie but remove the block ID
- * (e.g. as used in User::getBlockedStatus).
- *
* @param WebResponse $response The response on which to set the cookie.
- * @param boolean $setEmpty Whether to set the cookie's value to the empty string.
*/
- public function setCookie( WebResponse $response, $setEmpty = false ) {
+ public function setCookie( WebResponse $response ) {
// Calculate the default expiry time.
$maxExpiryTime = wfTimestamp( TS_MW, wfTimestamp() + ( 24 * 60 * 60 ) );
}
// Set the cookie. Reformat the MediaWiki datetime as a Unix timestamp for the cookie.
- $cookieValue = $setEmpty ? '' : $this->getCookieValue();
$expiryValue = DateTime::createFromFormat( 'YmdHis', $expiryTime )->format( 'U' );
$cookieOptions = [ 'httpOnly' => false ];
+ $cookieValue = $this->getCookieValue();
$response->setCookie( 'BlockID', $cookieValue, $expiryValue, $cookieOptions );
}
+ /**
+ * Unset the 'BlockID' cookie.
+ *
+ * @param WebResponse $response The response on which to unset the cookie.
+ */
+ public static function clearCookie( WebResponse $response ) {
+ $response->clearCookie( 'BlockID', [ 'httpOnly' => false ] );
+ }
+
/**
* Get the BlockID cookie's value for this block. This is usually the block ID concatenated
* with an HMAC in order to avoid spoofing (T152951), but if wgSecretKey is not set will just
}
public function setHeaders() {
- global $wgOut, $wgUser, $wgAjaxEditStash, $wgCookieSetOnAutoblock;
+ global $wgOut, $wgUser, $wgAjaxEditStash;
$wgOut->addModules( 'mediawiki.action.edit' );
- if ( $wgCookieSetOnAutoblock === true ) {
- $wgOut->addModules( 'mediawiki.user.blockcookie' );
- }
$wgOut->addModuleStyles( 'mediawiki.action.edit.styles' );
if ( $wgUser->getOption( 'showtoolbar' ) ) {
$this->blockTrigger = 'cookie-block';
return $tmpBlock;
} else {
- // If the block is not valid, clear the block cookie (but don't delete it,
- // because it needs to be cleared from LocalStorage as well and an empty string
- // value is checked for in the mediawiki.user.blockcookie module).
- $tmpBlock->setCookie( $this->getRequest()->response(), true );
+ // If the block is not valid, remove the cookie.
+ Block::clearCookie( $this->getRequest()->response() );
}
+ } else {
+ // If the block doesn't exist, remove the cookie.
+ Block::clearCookie( $this->getRequest()->response() );
}
}
return false;
'dependencies' => 'mediawiki.util',
'targets' => [ 'desktop', 'mobile' ],
],
- 'mediawiki.user.blockcookie' => [
- 'scripts' => 'resources/src/mediawiki/mediawiki.user.blockcookie.js',
- 'dependencies' => [ 'mediawiki.cookie', 'mediawiki.storage' ],
- 'targets' => [ 'desktop', 'mobile' ],
- ],
'mediawiki.user' => [
'scripts' => 'resources/src/mediawiki/mediawiki.user.js',
'dependencies' => [
+++ /dev/null
-( function ( mw ) {
-
- // If a user has been autoblocked, a cookie is set.
- // Its value is replicated here in localStorage to guard against cookie-removal.
- // This module will only be loaded when $wgCookieSetOnAutoblock is true.
- // Ref: https://phabricator.wikimedia.org/T5233
-
- if ( !mw.cookie.get( 'BlockID' ) && mw.storage.get( 'blockID' ) ) {
- // The block ID exists in storage, but not in the cookie.
- mw.cookie.set( 'BlockID', mw.storage.get( 'blockID' ) );
-
- } else if ( parseInt( mw.cookie.get( 'BlockID' ), 10 ) > 0 && !mw.storage.get( 'blockID' ) ) {
- // The block ID exists in the cookie, but not in storage.
- // (When a block expires the cookie remains but its value is '', hence the integer check above.)
- mw.storage.set( 'blockID', mw.cookie.get( 'BlockID' ) );
-
- } else if ( mw.cookie.get( 'BlockID' ) === '' && mw.storage.get( 'blockID' ) ) {
- // If only the empty string is in the cookie, remove the storage value. The block is no longer valid.
- mw.storage.remove( 'blockID' );
-
- }
-
-}( mediaWiki ) );