From a469f0dae13c2543a5770bace449f9f6e0920ef6 Mon Sep 17 00:00:00 2001
From: Chad Horohoe
Date: Mon, 8 Sep 2008 13:48:07 +0000
Subject: [PATCH] Self-revert 40530, 40531. Too many things still depend on $_GET and $_POST. Needs more cleanup before this can be put in place.
---
 includes/Setup.php | 2 +-
 includes/User.php | 20 +++++++-------
 includes/WebRequest.php | 36 +++++++-------------------
 includes/specials/SpecialUserlogin.php | 4 +--
 4 files changed, 22 insertions(+), 40 deletions(-)
diff --git a/includes/Setup.php b/includes/Setup.php
index f1ae417b82..ecc6deff73 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -238,7 +238,7 @@ $wgCookiePrefix = strtr($wgCookiePrefix, "=,; +.\"'\\[", "__________");
 if( !wfIniGetBool( 'session.auto_start' ) ) session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
-if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || !is_null( $wgRequest->getCookie('Token') ) ) ) {
+if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) {
 wfIncrStats( 'request_with_session' );
 wfSetupSession();
 $wgSessionStarted = true;
diff --git a/includes/User.php b/includes/User.php
index 53ac93effa..5fa2ff5c28 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -747,7 +747,7 @@ class User {
 function loadDefaults( $name = false ) {
 wfProfileIn( __METHOD__ );
- global $wgRequest;
+ global $wgCookiePrefix;
 $this->mId = 0;
 $this->mName = $name;
@@ -757,8 +757,8 @@ class User {
 $this->mEmail = '';
 $this->mOptions = null; # Defer init
- if ( !is_null( $wgRequest->getCookie('LoggedOut') ) ) {
- $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie('LoggedOut') );
+ if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
+ $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
 } else {
 $this->mTouched = '0'; # Allow any pages to be cached
 }
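Review bot: The `LoggedOut` cookie in `loadDefaults()` (the `@@ -757` hunk of includes/User.php) is passed to `wfTimestamp()` and stored in `mTouched` with no check on its type or format, so a client-chosen value sets the timestamp that the neighbouring comment ties to page caching. What `wfTimestamp()` does with a malformed or non-string argument is not visible in this hunk and should be confirmed. I would tighten the condition to `if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) && is_string( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {` and add a format check matching whatever the logout code writes into the cookie, so anything else falls through to the `'0'` branch. `loadDefaults()` starts and ends outside the hunk.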
@@ -789,7 +789,7 @@ class User {
 * @return \type{\bool} True if the user is logged in, false otherwise.
 */
 private function loadFromSession() {
- global $wgMemc, $wgRequest;
+ global $wgMemc, $wgCookiePrefix;
 $result = null;
 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
@@ -804,8 +804,8 @@ class User {
 $this->loadDefaults();
 return false;
 }
- } else if ( !is_null( $wgRequest->getCookie( 'UserID' ) ) ) {
- $sId = intval( $wgRequest->getCookie( 'UserID' ) );
+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
+ $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
 $_SESSION['wsUserID'] = $sId;
 } else {
 $this->loadDefaults();
@@ -813,8 +813,8 @@ class User {
 }
 if ( isset( $_SESSION['wsUserName'] ) ) {
 $sName = $_SESSION['wsUserName'];
- } else if ( !is_null( $wgRequest->getCookie( 'UserName' ) ) ) {
- $sName = $wgRequest->getCookie( 'UserName' );
+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
+ $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
 $_SESSION['wsUserName'] = $sName;
 } else {
 $this->loadDefaults();
@@ -831,8 +831,8 @@ class User {
 if ( isset( $_SESSION['wsToken'] ) ) {
 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
 $from = 'session';
- } else if ( !is_null( $wgRequest->getCookie( 'Token' ) ) ) {
- $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
+ } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
+ $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
 $from = 'cookie';
 } else {
 # No session or persistent login cookie
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 63cd706d7a..949901fdaa 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
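Review bot: The `UserID` cookie in the `@@ -804` hunk of `loadFromSession()` goes straight into `intval()` without a check that it is a string; PHP can deliver a `$_COOKIE` entry as an array, and `intval()` of a non-empty array is 1 rather than 0. The name and token checks further down still apply, but the result is written to `$_SESSION['wsUserID']` on the next line, before they run. I would tighten the condition to `} else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) && is_string( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {`. The `UserName` cookie in the `@@ -813` hunk needs the same guard, since a non-string value would otherwise be stored in `$_SESSION['wsUserName']`. The function body continues outside these hunks.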
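Review bot: The persistent-login check in the `@@ -831` hunk, `$this->mToken == $_COOKIE["{$wgCookiePrefix}Token"]`, compares a secret with a client-supplied value using loose equality, so PHP type juggling applies (two numeric-looking strings are compared as numbers) and the comparison is not constant-time. At minimum it should read `$passwordCorrect = $this->mToken === $_COOKIE["{$wgCookiePrefix}Token"];`, and a constant-time comparison such as `hash_equals()` is preferable where the PHP version provides it. The session branch two lines above, `$_SESSION['wsToken'] == $this->mToken`, has the same loose comparison. Whether `mToken` can be empty at this point is not visible in the hunk; if it can, an empty cookie must be rejected before comparing.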
@@ -46,18 +46,16 @@ class WebRequest { var $data = array(); var $headers; private $_response; - private $cookies = array(); function __construct() { + /// @fixme This preemptive de-quoting can interfere with other web libraries + /// and increases our memory footprint. It would be cleaner to do on + /// demand; but currently we have no wrapper for $_SERVER etc. + $this->checkMagicQuotes(); + // POST overrides GET data // We don't use $_REQUEST here to avoid interference from cookies... $this->data = wfArrayMerge( $_GET, $_POST ); - $this->cookies = $_COOKIE; - - /// @fixme This preemptive de-quoting increases our memory footprint. - /// It would be cleaner to do on demand; but currently we have no - /// wrapper for $_SERVER etc. - $this->checkMagicQuotes(); } /** @@ -185,9 +183,10 @@ class WebRequest { */ function checkMagicQuotes() { if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) { - $this->fix_magic_quotes( $this->cookies ); + $this->fix_magic_quotes( $_COOKIE ); $this->fix_magic_quotes( $_ENV ); - $this->fix_magic_quotes( $this->data ); + $this->fix_magic_quotes( $_GET ); + $this->fix_magic_quotes( $_POST ); $this->fix_magic_quotes( $_REQUEST ); $this->fix_magic_quotes( $_SERVER ); } @@ -399,23 +398,6 @@ class WebRequest { return $_SERVER['REQUEST_METHOD'] == 'POST'; } - /** - * Get a cookie that has been sent through fix_magic_quotes(). - * $wgCookiePrefix added before requesting, so no need to do - * it yourself. - * - * @param string $key Key of the cookie name - * @param bool $addPrefix Whether to append $wgCookiePrefix (ie: most of the time) - * @return mixed (value or null if not found) - */ - function getCookie( $key, $addPrefix = true ) { - if ( $addPrefix ) { - global $wgCookiePrefix; - $key = $wgCookiePrefix . $key; - } - return isset( $this->cookies[$key] ) ? $this->cookies[$key] : null; - } - /** * Returns true if there is a session cookie set. * This does not necessarily mean that the user is logged in! 
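Review bot: `checkMagicQuotes()` in the `@@ -185` hunk now rewrites `$_COOKIE`, `$_GET` and `$_POST` in place and is called from the constructor (the `@@ -46` hunk), so constructing a second `WebRequest` in the same request would run `fix_magic_quotes()` over superglobals that have already been de-quoted. Assuming `fix_magic_quotes()` strips slashes, any value containing a literal backslash would then be altered a second time, which matters for values compared byte-for-byte such as the login token cookie. A run-once guard at the top of the method, `static $done = false; if ( $done ) { return; } $done = true;`, would keep it idempotent. The body of `fix_magic_quotes()` is outside this hunk, so the assumption about its behaviour should be confirmed.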
@@ -428,7 +410,7 @@ class WebRequest {
 * @return bool
 */
 function checkSessionCookie() {
- return !is_null( $this->getCookie( session_name(), false ) );
+ return isset( $_COOKIE[session_name()] );
 }
 /**
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 5e73de45ed..82a1ac99fd 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -742,7 +742,7 @@ class LoginForm {
 */
 function mainLoginForm( $msg, $msgtype = 'error' ) {
 global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail;
- global $wgRequest, $wgAuth, $wgLoginLanguageSelector;
+ global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector;
 global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
 $titleObj = SpecialPage::getTitleFor( 'Userlogin' );
@@ -767,7 +767,7 @@ class LoginForm {
 if ( $wgUser->isLoggedIn() ) {
 $this->mName = $wgUser->getName();
 } else {
- $this->mName = $wgRequest->getCookie('UserName');
+ $this->mName = isset( $_COOKIE[$wgCookiePrefix.'UserName'] ) ? $_COOKIE[$wgCookiePrefix.'UserName'] : null;
 }
 }
--
2.20.1
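Review bot: In the `@@ -767` hunk of `mainLoginForm()`, `$this->mName` is filled from the `UserName` cookie with no check that the value is a string, so whatever the client sends, including an array, becomes the prefilled login name. How `mName` reaches the form template is outside this hunk, so it should be confirmed that it is HTML-escaped at output. A minimal guard is to add `&& is_string( $_COOKIE[$wgCookiePrefix.'UserName'] )` to the `isset()` condition so that anything else falls back to `null`. The enclosing method starts and ends outside the hunk.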