summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-05-06 23:34:10 +0200
committerPierre Schmitz <pierre@archlinux.de>2011-05-06 23:34:10 +0200
commit78677c7bbdcc9739f6c10c75935898a20e1acd9e (patch)
tree1c0710a98e60f3cf988def7a2879e3489269cb91 /includes
parent75abb5292328bdb07a91ad7229a121ab3446569d (diff)
update to MediaWiki 1.16.5
Diffstat (limited to 'includes')
-rw-r--r--includes/DefaultSettings.php2
-rw-r--r--includes/User.php28
-rw-r--r--includes/WebRequest.php2
3 files changed, 23 insertions, 9 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index e4864edb..54a96d44 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) {
}
/** MediaWiki version number */
-$wgVersion = '1.16.4';
+$wgVersion = '1.16.5';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
diff --git a/includes/User.php b/includes/User.php
index 51ffe70a..fb19ddf2 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -897,24 +897,25 @@ class User {
}
$passwordCorrect = FALSE;
- $this->mId = $sId;
- if ( !$this->loadFromId() ) {
- # Not a valid ID, loadFromId has switched the object to anon for us
+ $proposedUser = User::newFromId( $sId );
+ if ( !$proposedUser->isLoggedIn() ) {
+ # Not a valid ID
+ $this->loadDefaults();
return false;
}
global $wgBlockDisablesLogin;
- if( $wgBlockDisablesLogin && $this->isBlocked() ) {
+ if( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
# User blocked and we've disabled blocked user logins
$this->loadDefaults();
return false;
}
if ( isset( $_SESSION['wsToken'] ) ) {
- $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
+ $passwordCorrect = $proposedUser->getToken() === $_SESSION['wsToken'];
$from = 'session';
} else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
- $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
+ $passwordCorrect = $proposedUser->getToken() === $_COOKIE["{$wgCookiePrefix}Token"];
$from = 'cookie';
} else {
# No session or persistent login cookie
@@ -922,7 +923,8 @@ class User {
return false;
}
- if ( ( $sName == $this->mName ) && $passwordCorrect ) {
+ if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
+ $this->loadFromUserObject( $proposedUser );
$_SESSION['wsToken'] = $this->mToken;
wfDebug( "Logged in from $from\n" );
return true;
@@ -935,6 +937,18 @@ class User {
}
/**
+ * Load the data for this user object from another user object.
+ */
+ protected function loadFromUserObject( $user ) {
+ $user->load();
+ $user->loadGroups();
+ $user->loadOptions();
+ foreach ( self::$mCacheVars as $var ) {
+ $this->$var = $user->$var;
+ }
+ }
+
+ /**
* Load user and user_group data from the database.
* $this::mId must be set, this is how the user is identified.
*
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index a1d02d9c..877f7cf6 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -697,7 +697,7 @@ class WebRequest {
global $wgScriptExtension;
if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
+ && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
// Bug 28235
// Block only Internet Explorer, and requests with missing UA