dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 899f475)
Avoid session double-start in Setup.php
authorBrad Jorsch <bjorsch@wikimedia.org>
Sat, 12 Jan 2019 19:16:52 +0000 (14:16 -0500)
committerReedy <reedy@wikimedia.org>
Wed, 16 Jan 2019 15:10:42 +0000 (15:10 +0000)
In PHP before 7.3, the double start doesn't really matter: session_id()
changes the ID even if it was already started, and the warning from
session_start() can just be ignored. Which is what we did.

In PHP 7.3, now session_id() also warns and no longer changes the ID. To
preserve the previous behavior, we'll need to explicitly close the old
session and open the new one.

Bug: T213489
Change-Id: I02a5be1c3adb326927c156fdd00663bccee37477

RELEASE-NOTES-1.31 patch | blob | history
includes/Setup.php patch | blob | history

diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31
index fa89df3..e27cda2 100644 (file)
--- a/RELEASE-NOTES-1.31
+++ b/RELEASE-NOTES-1.31
@@ -23,6 +23,7 @@ THIS IS NOT A RELEASE YET
   * (T207112) Add session_write_close() calls to SessionManager tests
   * oyejorge/less.php replaced with our fork wikimedia/less.php
   * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
+  * (T213489) Avoid session double-start in Setup.php.
 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
 * (T201781) Database: Allow selectFieldValues() to accept SQL fragments
 * (T205765) installer: Don't link to the obsolete "Extension Matrix" page
diff --git a/includes/Setup.php b/includes/Setup.php
index f402594..7b7cafc 100644 (file)
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -869,11 +869,19 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
 
        $session->renew();
        if ( MediaWiki\Session\PHPSessionHandler::isEnabled() &&
-               ( $session->isPersistent() || $session->shouldRememberUser() )
+               ( $session->isPersistent() || $session->shouldRememberUser() ) &&
+               session_id() !== $session->getId()
        ) {
                // Start the PHP-session for backwards compatibility
+               if ( session_id() !== '' ) {
+                       wfDebugLog( 'session', 'PHP session {old_id} was already started, changing to {new_id}', 'all', [
+                               'old_id' => session_id(),
+                               'new_id' => $session->getId(),
+                       ] );
+                       session_write_close();
+               }
                session_id( $session->getId() );
-               Wikimedia\quietCall( 'session_start' );
+               session_start();
        }
 
        unset( $session );
Wiklou, le Wiki du Wiklou