X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/membres/fiche.php?a=blobdiff_plain;f=includes%2Fuser%2FUser.php;h=fc96fe1952b5917b55b9e3d78cf4528e2e543650;hb=60882bb6b07aa0a9cbf0f8a2224cc94e2575dc11;hp=666f2b6979946efcf08e28e702b79324bb4c29b1;hpb=5d2058ade0c5cf38d7cc603907ecdcb5aa71f8c7;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/user/User.php b/includes/user/User.php index 666f2b6979..fc96fe1952 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -1718,9 +1718,31 @@ class User implements IDBAccessObject, UserIdentity { // overwriting mBlockedby, surely? $this->load(); + // TODO: Block checking shouldn't really be done from the User object. Block + // checking can involve checking for IP blocks, cookie blocks, and/or XFF blocks, + // which need more knowledge of the request context than the User should have. + // Since we do currently check blocks from the User, we have to do the following + // here: + // - Check if this is the user associated with the main request + // - If so, pass the relevant request information to the block manager + $request = null; + + // The session user is set up towards the end of Setup.php. Until then, + // assume it's a logged-out user. + $sessionUser = RequestContext::getMain()->getUser(); + $globalUserName = $sessionUser->isSafeToLoad() + ? $sessionUser->getName() + : IP::sanitizeIP( $sessionUser->getRequest()->getIP() ); + + if ( $this->getName() === $globalUserName ) { + // This is the global user, so we need to pass the request + $request = $this->getRequest(); + } + // @phan-suppress-next-line PhanAccessMethodInternal It's the only allowed use $block = MediaWikiServices::getInstance()->getBlockManager()->getUserBlock( $this, + $request, $fromReplica ); @@ -1741,7 +1763,7 @@ class User implements IDBAccessObject, UserIdentity { // Avoid PHP 7.1 warning of passing $this by reference $thisUser = $this; // Extensions - Hooks::run( 'GetBlockedStatus', [ &$thisUser ] ); + Hooks::run( 'GetBlockedStatus', [ &$thisUser ], '1.34' ); } /** @@ -2169,7 +2191,7 @@ class User implements IDBAccessObject, UserIdentity { if ( !$this->mHideName ) { // Reset for hook $this->mHideName = false; - Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] ); + Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ], '1.34' ); } return (bool)$this->mHideName; } @@ -2772,18 +2794,6 @@ class User implements IDBAccessObject, UserIdentity { } } - /** - * Set the password for a password reminder or new account email - * - * @deprecated Removed in 1.27. Use PasswordReset instead. - * @param string $str New password to set or null to set an invalid - * password hash meaning that the user will not be able to use it - * @param bool $throttle If true, reset the throttle timestamp to the present - */ - public function setNewpassword( $str, $throttle = true ) { - throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' ); - } - /** * Get the user's e-mail address * @return string User's email address @@ -3716,11 +3726,17 @@ class User implements IDBAccessObject, UserIdentity { $this->setNewtalk( false ); // If there is a new, unseen, revision, use its timestamp - $nextid = $oldid - ? $title->getNextRevisionID( $oldid, Title::GAID_FOR_UPDATE ) - : null; - if ( $nextid ) { - $this->setNewtalk( true, Revision::newFromId( $nextid ) ); + if ( $oldid ) { + $rl = MediaWikiServices::getInstance()->getRevisionLookup(); + $oldRev = $rl->getRevisionById( $oldid, Title::READ_LATEST ); + if ( $oldRev ) { + $newRev = $rl->getNextRevision( $oldRev ); + if ( $newRev ) { + // TODO: actually no need to wrap in a revision, + // setNewtalk really only needs a RevRecord + $this->setNewtalk( true, new Revision( $newRev ) ); + } + } } } ); } @@ -4298,13 +4314,13 @@ class User implements IDBAccessObject, UserIdentity { 'password' => $password, ] ); - $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' ); + $res = $manager->beginAuthentication( $reqs, 'null:' ); switch ( $res->status ) { case AuthenticationResponse::PASS: return true; case AuthenticationResponse::FAIL: // Hope it's not a PreAuthenticationProvider that failed... - \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' ) + LoggerFactory::getInstance( 'authentication' ) ->info( __METHOD__ . ': Authentication failed: ' . $res->message->plain() ); return false; default: