From: Dayllan Maza <dmaza@wikimedia.org>
Date: Mon, 19 Aug 2019 18:59:25 +0000 (-0400)
Subject: Clear block cookie if the value is invalid
X-Git-Tag: 1.34.0-rc.0~657^2
X-Git-Url: http://git.cyclocoop.org/data/%24self?a=commitdiff_plain;h=dbc0d3c8844f7ab949c8248298fbb762d202962b;p=lhc%2Fweb%2Fwiklou.git

Clear block cookie if the value is invalid

When a block cookie is present and the block is invalid or doesn't exists
or the cookie value is invalid or malformed, the cookie is removed.

Bug: T227678
Change-Id: Icaff594686c16a0eb8551b2a4392a14a969b43b0
---

diff --git a/includes/block/BlockManager.php b/includes/block/BlockManager.php
index b67703cab1..a5035bd080 100644
--- a/includes/block/BlockManager.php
+++ b/includes/block/BlockManager.php
@@ -223,7 +223,7 @@ class BlockManager {
 
 	/**
 	 * Try to load a block from an ID given in a cookie value. If the block is invalid
-	 * or doesn't exist, remove the cookie.
+	 * doesn't exist, or the cookie value is malformed, remove the cookie.
 	 *
 	 * @param UserIdentity $user
 	 * @param WebRequest $request
@@ -233,9 +233,13 @@ class BlockManager {
 		UserIdentity $user,
 		WebRequest $request
 	) {
-		$blockCookieId = $this->getIdFromCookieValue( $request->getCookie( 'BlockID' ) );
+		$cookieValue = $request->getCookie( 'BlockID' );
+		if ( is_null( $cookieValue ) ) {
+			return false;
+		}
 
-		if ( $blockCookieId !== null ) {
+		$blockCookieId = $this->getIdFromCookieValue( $cookieValue );
+		if ( !is_null( $blockCookieId ) ) {
 			// TODO: remove dependency on DatabaseBlock
 			$block = DatabaseBlock::newFromID( $blockCookieId );
 			if (
@@ -244,9 +248,10 @@ class BlockManager {
 			) {
 				return $block;
 			}
-			$this->clearBlockCookie( $request->response() );
 		}
 
+		$this->clearBlockCookie( $request->response() );
+
 		return false;
 	}