* Switch from running fix_magic_quotes() on $_COOKIE and $_GET/$_POST to running it on $this->cookies and $this->data. Should keep us from interfering with other programs that might do the same (and/or trying to start up a second WebRequest object). This partially fixes bug 11558.
* Todo: Do similar things with $_SERVER/$_ENV and switch to a lazy-load style, rather than on every new WebRequest.
if( !wfIniGetBool( 'session.auto_start' ) )
session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
-if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) {
+if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || !is_null( $wgRequest->getCookie('Token') ) ) ) {
wfIncrStats( 'request_with_session' );
wfSetupSession();
$wgSessionStarted = true;
function loadDefaults( $name = false ) {
wfProfileIn( __METHOD__ );
- global $wgCookiePrefix;
+ global $wgRequest;
$this->mId = 0;
$this->mName = $name;
$this->mEmail = '';
$this->mOptions = null; # Defer init
- if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
- $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
+ if ( !is_null( $wgRequest->getCookie('LoggedOut') ) ) {
+ $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie('LoggedOut') );
} else {
$this->mTouched = '0'; # Allow any pages to be cached
}
* @return \type{\bool} True if the user is logged in, false otherwise.
*/
private function loadFromSession() {
- global $wgMemc, $wgCookiePrefix;
+ global $wgMemc, $wgRequest;
$result = null;
wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
$this->loadDefaults();
return false;
}
- } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
- $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
+ } else if ( !is_null( $wgRequest->getCookie( 'UserID' ) ) ) {
+ $sId = intval( $wgRequest->getCookie( 'UserID' ) );
$_SESSION['wsUserID'] = $sId;
} else {
$this->loadDefaults();
}
if ( isset( $_SESSION['wsUserName'] ) ) {
$sName = $_SESSION['wsUserName'];
- } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
- $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
+ } else if ( !is_null( $wgRequest->getCookie( 'UserName' ) ) ) {
+ $sName = $wgRequest->getCookie( 'UserName' );
$_SESSION['wsUserName'] = $sName;
} else {
$this->loadDefaults();
if ( isset( $_SESSION['wsToken'] ) ) {
$passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
$from = 'session';
- } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
- $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
+ } else if ( !is_null( $wgRequest->getCookie( 'Token' ) ) ) {
+ $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' );
$from = 'cookie';
} else {
# No session or persistent login cookie
var $data = array();
var $headers;
private $_response;
+ private $cookies = array();
function __construct() {
- /// @fixme This preemptive de-quoting can interfere with other web libraries
- /// and increases our memory footprint. It would be cleaner to do on
- /// demand; but currently we have no wrapper for $_SERVER etc.
- $this->checkMagicQuotes();
-
// POST overrides GET data
// We don't use $_REQUEST here to avoid interference from cookies...
$this->data = wfArrayMerge( $_GET, $_POST );
+ $this->cookies = $_COOKIE;
+
+ /// @fixme This preemptive de-quoting increases our memory footprint.
+ /// It would be cleaner to do on demand; but currently we have no
+ /// wrapper for $_SERVER etc.
+ $this->checkMagicQuotes();
}
/**
*/
function checkMagicQuotes() {
if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
- $this->fix_magic_quotes( $_COOKIE );
+ $this->fix_magic_quotes( $this->cookies );
$this->fix_magic_quotes( $_ENV );
- $this->fix_magic_quotes( $_GET );
- $this->fix_magic_quotes( $_POST );
+ $this->fix_magic_quotes( $this->data );
$this->fix_magic_quotes( $_REQUEST );
$this->fix_magic_quotes( $_SERVER );
}
return $_SERVER['REQUEST_METHOD'] == 'POST';
}
+ /**
+ * Get a cookie that has been sent through fix_magic_quotes().
+ * $wgCookiePrefix added before requesting, so no need to do
+ * it yourself.
+ *
+ * @param string $key Key of the cookie name
+ * @param bool $addPrefix Whether to append $wgCookiePrefix (ie: most of the time)
+ * @return mixed (value or null if not found)
+ */
+ function getCookie( $key, $addPrefix = true ) {
+ if ( $addPrefix ) {
+ global $wgCookiePrefix;
+ $key = $wgCookiePrefix . $key;
+ }
+ return isset( $this->cookies[$key] ) ? $this->cookies[$key] : null;
+ }
+
/**
* Returns true if there is a session cookie set.
* This does not necessarily mean that the user is logged in!
* @return bool
*/
function checkSessionCookie() {
- return isset( $_COOKIE[session_name()] );
+ return !is_null( $this->getCookie( session_name(), false ) );
}
/**
*/
function mainLoginForm( $msg, $msgtype = 'error' ) {
global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail;
- global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector;
+ global $wgRequest, $wgAuth, $wgLoginLanguageSelector;
global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
$titleObj = SpecialPage::getTitleFor( 'Userlogin' );
if ( $wgUser->isLoggedIn() ) {
$this->mName = $wgUser->getName();
} else {
- $this->mName = isset( $_COOKIE[$wgCookiePrefix.'UserName'] ) ? $_COOKIE[$wgCookiePrefix.'UserName'] : null;
+ $this->mName = isset( $wgRequest->getCookie('UserName') ) ? $wgRequest->getCookie('UserName') : null;
}
}