Merge "Fixed SiteArray serialization"

author Daniel Kinzler <daniel.kinzler@wikimedia.de>

Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)

committer Gerrit Code Review <gerrit@wikimedia.org>

Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)
author Daniel Kinzler <daniel.kinzler@wikimedia.de>
Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)
committer Gerrit Code Review <gerrit@wikimedia.org>
Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)
diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php

index 7492209..3029925 100644 (file)
--- a/includes/logging/LogFormatter.php
+++ b/includes/logging/LogFormatter.php
@@ -1190,7 +1190,9 @@ class RightsLogFormatter extends LogFormatter {
                         $params[3] = $this->msg( 'rightsnone' )->text();
                 }
                 if ( count( $newGroups ) ) {
-                       $params[4] = $lang->listToText( $newGroups );
+                       // Array_values is used here because of bug 42211
+                       // see use of array_unique in UserrightsPage::doSaveUserGroups on $newGroups.
+                       $params[4] = $lang->listToText( array_values( $newGroups ) );
                 } else {
                         $params[4] = $this->msg( 'rightsnone' )->text();
                 }
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php

index 4980ffb..a09d5bd 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -752,7 +752,7 @@ class LoginForm extends SpecialPage {
         }
  
         function processLogin() {
-               global $wgMemc, $wgLang, $wgSecureLogin;
+               global $wgMemc, $wgLang, $wgSecureLogin, $wgCookieSecure;
  
                 switch ( $this->authenticateUserData() ) {
                         case self::SUCCESS:
@@ -1264,15 +1264,21 @@ class LoginForm extends SpecialPage {
          * Renew the user's session id, using strong entropy
          */
         private function renewSessionId() {
-               if ( wfCheckEntropy() ) {
+               global $wgSecureLogin, $wgCookieSecure;
+               if( $wgSecureLogin && !$this->mStickHTTPS ) {
+                       $wgCookieSecure = false;
+               }
+
+               // If either we don't trust PHP's entropy, or if we need
+               // to change cookie settings when logging in because of
+               // wpStickHTTPS, then change the session ID manually.
+               $cookieParams = session_get_cookie_params();
+               if ( wfCheckEntropy() && $wgCookieSecure == $cookieParams['secure'] ) {
                         session_regenerate_id( false );
                 } else {
-                       //If we don't trust PHP's entropy, we have to replace the session manually
                         $tmp = $_SESSION;
-                       session_unset();
-                       session_write_close();
-                       session_id( MWCryptRand::generateHex( 32 ) );
-                       session_start();
+                       session_destroy();
+                       wfSetupSession( MWCryptRand::generateHex( 32 ) );
                         $_SESSION = $tmp;
                 }
         }
author	Daniel Kinzler <daniel.kinzler@wikimedia.de>
	Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)
committer	Gerrit Code Review <gerrit@wikimedia.org>
	Wed, 12 Dec 2012 20:14:18 +0000 (20:14 +0000)
includes/logging/LogFormatter.php		patch \| blob \| history
includes/specials/SpecialUserlogin.php		patch \| blob \| history