From: Chad Horohoe Date: Sat, 6 Sep 2008 12:38:34 +0000 (+0000) Subject: * Add getCookie() method to WebRequest as a wrapper for $_COOKIE. Updated all instanc... X-Git-Tag: 1.31.0-rc.0~45442 X-Git-Url: https://git.cyclocoop.org//%22?a=commitdiff_plain;h=40618e0c3e29b22a2b961ea283fe394584e1514f;p=lhc%2Fweb%2Fwiklou.git * Add getCookie() method to WebRequest as a wrapper for $_COOKIE. Updated all instances of $_COOKIE to use this. * Switch from running fix_magic_quotes() on $_COOKIE and $_GET/$_POST to running it on $this->cookies and $this->data. Should keep us from interfering with other programs that might do the same (and/or trying to start up a second WebRequest object). This partially fixes bug 11558. * Todo: Do similar things with $_SERVER/$_ENV and switch to a lazy-load style, rather than on every new WebRequest. --- diff --git a/includes/Setup.php b/includes/Setup.php index ecc6deff73..f1ae417b82 100644 --- a/includes/Setup.php +++ b/includes/Setup.php @@ -238,7 +238,7 @@ $wgCookiePrefix = strtr($wgCookiePrefix, "=,; +.\"'\\[", "__________"); if( !wfIniGetBool( 'session.auto_start' ) ) session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' ); -if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) { +if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || !is_null( $wgRequest->getCookie('Token') ) ) ) { wfIncrStats( 'request_with_session' ); wfSetupSession(); $wgSessionStarted = true; diff --git a/includes/User.php b/includes/User.php index 5fa2ff5c28..53ac93effa 100644 --- a/includes/User.php +++ b/includes/User.php @@ -747,7 +747,7 @@ class User { function loadDefaults( $name = false ) { wfProfileIn( __METHOD__ ); - global $wgCookiePrefix; + global $wgRequest; $this->mId = 0; $this->mName = $name; 
@@ -757,8 +757,8 @@ class User { $this->mEmail = ''; $this->mOptions = null; # Defer init - if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) { - $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] ); + if ( !is_null( $wgRequest->getCookie('LoggedOut') ) ) { + $this->mTouched = wfTimestamp( TS_MW, $wgRequest->getCookie('LoggedOut') ); } else { $this->mTouched = '0'; # Allow any pages to be cached } @@ -789,7 +789,7 @@ class User { * @return \type{\bool} True if the user is logged in, false otherwise. */ private function loadFromSession() { - global $wgMemc, $wgCookiePrefix; + global $wgMemc, $wgRequest; $result = null; wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) ); @@ -804,8 +804,8 @@ class User { $this->loadDefaults(); return false; } - } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) { - $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] ); + } else if ( !is_null( $wgRequest->getCookie( 'UserID' ) ) ) { + $sId = intval( $wgRequest->getCookie( 'UserID' ) ); $_SESSION['wsUserID'] = $sId; } else { $this->loadDefaults(); @@ -813,8 +813,8 @@ class User { } if ( isset( $_SESSION['wsUserName'] ) ) { $sName = $_SESSION['wsUserName']; - } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) { - $sName = $_COOKIE["{$wgCookiePrefix}UserName"]; + } else if ( !is_null( $wgRequest->getCookie( 'UserName' ) ) ) { + $sName = $wgRequest->getCookie( 'UserName' ); $_SESSION['wsUserName'] = $sName; } else { $this->loadDefaults(); @@ -831,8 +831,8 @@ class User { if ( isset( $_SESSION['wsToken'] ) ) { $passwordCorrect = $_SESSION['wsToken'] == $this->mToken; $from = 'session'; - } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) { - $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"]; + } else if ( !is_null( $wgRequest->getCookie( 'Token' ) ) ) { + $passwordCorrect = $this->mToken == $wgRequest->getCookie( 'Token' ); $from = 'cookie'; } else { # No session or persistent login cookie 
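Review bot: Each cookie branch in loadDefaults() and loadFromSession() (the LoggedOut, UserID and UserName hunks) calls getCookie() twice, once for the null test and once for the value, which is noisier than the isset() it replaces and lets the test and the use drift apart. Reading the value once keeps both on the same variable, e.g. `$loggedOut = $wgRequest->getCookie( 'LoggedOut' );` followed by `if ( $loggedOut !== null ) {`. These values are client-supplied and flow straight into wfTimestamp() and $_SESSION, so that local is also the natural place for a format check (digits only for LoggedOut and UserID) if one is wanted. Both functions start and end outside the hunks shown.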
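Review bot: The persistent-login check `$this->mToken == $wgRequest->getCookie( 'Token' )` compares a secret with a client-supplied cookie using loose `==`, so PHP's type juggling decides equality (numeric-looking strings compare as numbers) and there is no constant-time guarantee. A strict, type-checked comparison is safer: `$cookieToken = $wgRequest->getCookie( 'Token' );` then `$passwordCorrect = is_string( $cookieToken ) && $this->mToken === $cookieToken;`, or hash_equals() where the runtime provides it. The session branch just above (`$_SESSION['wsToken'] == $this->mToken`) has the same form. loadFromSession() continues past the end of the hunk.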
diff --git a/includes/WebRequest.php b/includes/WebRequest.php index 949901fdaa..63cd706d7a 100644 --- a/includes/WebRequest.php +++ b/includes/WebRequest.php @@ -46,16 +46,18 @@ class WebRequest { var $data = array(); var $headers; private $_response; + private $cookies = array(); function __construct() { - /// @fixme This preemptive de-quoting can interfere with other web libraries - /// and increases our memory footprint. It would be cleaner to do on - /// demand; but currently we have no wrapper for $_SERVER etc. - $this->checkMagicQuotes(); - // POST overrides GET data // We don't use $_REQUEST here to avoid interference from cookies... $this->data = wfArrayMerge( $_GET, $_POST ); + $this->cookies = $_COOKIE; + + /// @fixme This preemptive de-quoting increases our memory footprint. + /// It would be cleaner to do on demand; but currently we have no + /// wrapper for $_SERVER etc. + $this->checkMagicQuotes(); } /** @@ -183,10 +185,9 @@ class WebRequest { */ function checkMagicQuotes() { if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) { - $this->fix_magic_quotes( $_COOKIE ); + $this->fix_magic_quotes( $this->cookies ); $this->fix_magic_quotes( $_ENV ); - $this->fix_magic_quotes( $_GET ); - $this->fix_magic_quotes( $_POST ); + $this->fix_magic_quotes( $this->data ); $this->fix_magic_quotes( $_REQUEST ); $this->fix_magic_quotes( $_SERVER ); } 
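Review bot: checkMagicQuotes() now un-quotes the private copies `$this->cookies` and `$this->data` but still rewrites `$_ENV`, `$_REQUEST` and `$_SERVER` in place, so constructing a second WebRequest would strip slashes from those three superglobals twice, and `$_REQUEST` ends up out of step with the still-quoted `$_GET`/`$_POST`/`$_COOKIE`. The commit message lists `$_SERVER`/`$_ENV` as a todo but does not mention `$_REQUEST`. Any code that still reads `$_GET`, `$_POST` or `$_COOKIE` directly will also start seeing quoted values when magic_quotes_gpc is on, which matters wherever those values reach a query or a comparison; a constructor comment such as `// $_GET/$_POST/$_COOKIE are left as PHP delivered them; use getVal()/getCookie() for de-quoted values` would make that contract explicit. Dropping the `$_REQUEST` call, or guarding the superglobal pass with a static flag, would close the double-strip case.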
@@ -398,6 +399,23 @@ class WebRequest { return $_SERVER['REQUEST_METHOD'] == 'POST'; } + /** + * Get a cookie that has been sent through fix_magic_quotes(). + * $wgCookiePrefix added before requesting, so no need to do + * it yourself. + * + * @param string $key Key of the cookie name + * @param bool $addPrefix Whether to append $wgCookiePrefix (ie: most of the time) + * @return mixed (value or null if not found) + */ + function getCookie( $key, $addPrefix = true ) { + if ( $addPrefix ) { + global $wgCookiePrefix; + $key = $wgCookiePrefix . $key; + } + return isset( $this->cookies[$key] ) ? $this->cookies[$key] : null; + } + /** * Returns true if there is a session cookie set. * This does not necessarily mean that the user is logged in! @@ -410,7 +428,7 @@ class WebRequest { * @return bool */ function checkSessionCookie() { - return isset( $_COOKIE[session_name()] ); + return !is_null( $this->getCookie( session_name(), false ) ); } /** diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 82a1ac99fd..5f76909922 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -742,7 +742,7 @@ class LoginForm { */ function mainLoginForm( $msg, $msgtype = 'error' ) { global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail; - global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector; + global $wgRequest, $wgAuth, $wgLoginLanguageSelector; global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration; $titleObj = SpecialPage::getTitleFor( 'Userlogin' ); @@ -767,7 +767,7 @@ class LoginForm { if ( $wgUser->isLoggedIn() ) { $this->mName = $wgUser->getName(); } else { - $this->mName = isset( $_COOKIE[$wgCookiePrefix.'UserName'] ) ? $_COOKIE[$wgCookiePrefix.'UserName'] : null; + $this->mName = isset( $wgRequest->getCookie('UserName') ) ? $wgRequest->getCookie('UserName') : null; } }
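Review bot: The docblock for getCookie() says `$addPrefix` controls whether to "append" $wgCookiePrefix, but the code prepends it (`$key = $wgCookiePrefix . $key;`), and "Key of the cookie name" does not say that `$key` is the unprefixed name. Suggested wording: `@param string $key Cookie name, without $wgCookiePrefix` and `@param bool $addPrefix Whether to prepend $wgCookiePrefix to $key (default true)`. The `@return mixed` also hides that PHP can deliver a cookie as an array when its name carries brackets, so callers that pass the result to intval() or a string comparison are not guaranteed a string. Either document that, or return null for non-string values with `$value = isset( $this->cookies[$key] ) ? $this->cookies[$key] : null;` and `return is_string( $value ) ? $value : null;`.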
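Review bot: In mainLoginForm() the new line `isset( $wgRequest->getCookie('UserName') )` applies isset() to a method call result, which PHP rejects at compile time, so SpecialUserlogin.php would fail to load. getCookie() already returns null for a missing cookie, so the ternary can go: `$this->mName = $wgRequest->getCookie( 'UserName' );`. The value is client-supplied and is used to prefill the form, so it must still be escaped wherever mName is output (not visible in this hunk). mainLoginForm() starts and ends outside the hunk.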