use Liuggio\StatsdClient\Sender\SocketSender;
use MediaWiki\Logger\LoggerFactory;
-use MediaWiki\Session\SessionManager;
// Hide compatibility functions from Doxygen
/// @cond
$message = str_replace( "\r", '', $message );
// Replace arguments
- if ( count( $args ) ) {
+ if ( is_array( $args ) && $args ) {
if ( is_array( $args[0] ) ) {
$args = array_values( $args[0] );
}
/**
* Tries to get the system directory for temporary files. First
* $wgTmpDirectory is checked, and then the TMPDIR, TMP, and TEMP
- * environment variables are then checked in sequence, and if none are
- * set try sys_get_temp_dir().
+ * environment variables are then checked in sequence, then
+ * sys_get_temp_dir(), then upload_tmp_dir from php.ini.
*
* NOTE: When possible, use instead the tmpfile() function to create
* temporary files to avoid race conditions on file creation, etc.
}
$tmpDir = array_map( "getenv", array( 'TMPDIR', 'TMP', 'TEMP' ) );
+ $tmpDir[] = sys_get_temp_dir();
+ $tmpDir[] = ini_get( 'upload_tmp_dir' );
foreach ( $tmpDir as $tmp ) {
if ( $tmp && file_exists( $tmp ) && is_dir( $tmp ) && is_writable( $tmp ) ) {
return $tmp;
}
}
- return sys_get_temp_dir();
+ throw new MWException( 'No writable temporary directory could be found. ' .
+ 'Please set $wgTmpDirectory to a writable directory.' );
}
/**
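Review bot: The new `throw new MWException( ... )` at the end of this function changes its contract, because callers that always got a string back from the old `return sys_get_temp_dir();` fallback can now receive an exception, and the docblock hunk above does not mention it; I would add `@throws MWException If no writable temporary directory can be found`. The two candidates appended to `$tmpDir` (`sys_get_temp_dir()` and `upload_tmp_dir`) are often directories shared with other local accounts, so the existing NOTE about preferring `tmpfile()` deserves to stay prominent for callers that build their own file names under the returned path. In the loop, `file_exists( $tmp ) &&` is redundant, since `is_dir()` already returns false for a missing path. The function begins above this hunk, so the `$wgTmpDirectory` handling is not visible here.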
/**
* Check if there is sufficient entropy in php's built-in session generation
*
- * @deprecated since 1.27, PHP's session generation isn't used with
- * MediaWiki\\Session\\SessionManager
* @return bool True = there is sufficient entropy
*/
function wfCheckEntropy() {
- wfDeprecated( __FUNCTION__, '1.27' );
return (
( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
|| ini_get( 'session.entropy_file' )
}
/**
- * @deprecated since 1.27, PHP's session generation isn't used with
- * MediaWiki\\Session\\SessionManager
+ * Override session_id before session startup if php's built-in
+ * session generation code is not secure.
*/
function wfFixSessionID() {
- wfDeprecated( __FUNCTION__, '1.27' );
+ // If the cookie or session id is already set we already have a session and should abort
+ if ( isset( $_COOKIE[session_name()] ) || session_id() ) {
+ return;
+ }
+
+ // PHP's built-in session entropy is enabled if:
+ // - entropy_file is set or you're on Windows with php 5.3.3+
+ // - AND entropy_length is > 0
+ // We treat it as disabled if it doesn't have an entropy length of at least 32
+ $entropyEnabled = wfCheckEntropy();
+
+ // If built-in entropy is not enabled or not sufficient override PHP's
+ // built in session id generation code
+ if ( !$entropyEnabled ) {
+ wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, " .
+ "overriding session id generation using our cryptrand source.\n" );
+ session_id( MWCryptRand::generateHex( 32 ) );
+ }
}
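Review bot: The early return on `isset( $_COOKIE[session_name()] )` means an id supplied by the client is kept as-is, so the MWCryptRand override only ever applies to ids that PHP would have generated itself. Whether an unknown client-chosen id is then rejected depends on PHP's `session.use_strict_mode` setting and on callers regenerating the id when privileges change, neither of which is visible in this hunk. I would state that dependency next to the guard, for example `// A client-supplied id is not replaced here; callers must reset the id on login (see wfResetSessionID)`. The comment about an entropy length of at least 32 describes a check that is not in this function; it presumably lives in wfCheckEntropy(), whose body is only partly visible on this page, and would read better as a reference to that function.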
/**
- * Reset the session id
+ * Reset the session_id
*
- * @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead
* @since 1.22
*/
function wfResetSessionID() {
- wfDeprecated( __FUNCTION__, '1.27' );
- $session = SessionManager::getGlobalSession();
- $delay = $session->delaySave();
-
- $session->resetId();
-
- // Make sure a session is started, since that's what the old
- // wfResetSessionID() did.
- if ( session_id() !== $session->getId() ) {
- wfSetupSession( $session->getId() );
+ global $wgCookieSecure;
+ $oldSessionId = session_id();
+ $cookieParams = session_get_cookie_params();
+ if ( wfCheckEntropy() && $wgCookieSecure == $cookieParams['secure'] ) {
+ session_regenerate_id( false );
+ } else {
+ $tmp = $_SESSION;
+ session_destroy();
+ wfSetupSession( MWCryptRand::generateHex( 32 ) );
+ $_SESSION = $tmp;
}
-
- ScopedCallback::consume( $delay );
+ $newSessionId = session_id();
}
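Review bot: `session_regenerate_id( false )` issues a new id but leaves the old session record in the store, so the previous id keeps working with the same data until it expires, whereas the `else` branch calls `session_destroy()` first; the two paths should give the same guarantee. If keeping the old record is deliberate (for instance to tolerate requests already in flight), a comment should say so; otherwise `session_regenerate_id( true );` matches what the other branch does. The comparison `$wgCookieSecure == $cookieParams['secure']` is loose, and if `$wgCookieSecure` can hold a non-boolean setting at this point, `(bool)$wgCookieSecure === $cookieParams['secure']` would make the intent explicit. `$oldSessionId` and `$newSessionId` are assigned but not used in the lines visible here, so either the consumer is outside this page or they can go.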
/**
* Initialise php session
*
- * @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead.
- * Generally, "using" SessionManager will be calling ->getSessionById() or
- * ::getGlobalSession() (depending on whether you were passing $sessionId
- * here), then calling $session->persist().
- * @param bool|string $sessionId
+ * @param bool $sessionId
*/
function wfSetupSession( $sessionId = false ) {
- wfDeprecated( __FUNCTION__, '1.27' );
+ global $wgSessionsInObjectCache, $wgSessionHandler;
+ global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly;
- // If they're calling this, they probably want our session management even
- // if NO_SESSION was set for Setup.php.
- if ( !MediaWiki\Session\PHPSessionHandler::isInstalled() ) {
- MediaWiki\Session\PHPSessionHandler::install( SessionManager::singleton() );
+ if ( $wgSessionsInObjectCache ) {
+ ObjectCacheSessionHandler::install();
+ } elseif ( $wgSessionHandler && $wgSessionHandler != ini_get( 'session.save_handler' ) ) {
+ # Only set this if $wgSessionHandler isn't null and session.save_handler
+ # hasn't already been set to the desired value (that causes errors)
+ ini_set( 'session.save_handler', $wgSessionHandler );
}
+ session_set_cookie_params(
+ 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
+ session_cache_limiter( 'private, must-revalidate' );
if ( $sessionId ) {
session_id( $sessionId );
+ } else {
+ wfFixSessionID();
}
- $session = SessionManager::getGlobalSession();
- $session->persist();
+ MediaWiki\suppressWarnings();
+ session_start();
+ MediaWiki\restoreWarnings();
- if ( session_id() !== $session->getId() ) {
- session_id( $session->getId() );
+ if ( $wgSessionsInObjectCache ) {
+ ObjectCacheSessionHandler::renewCurrentSession();
}
-
- MediaWiki\quietCall( 'session_start' );
}
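Review bot: The return value of `session_start()` is discarded and its warnings are suppressed, so when the session cannot be started (handler failure, headers already sent) the function carries on silently and, with `$wgSessionsInObjectCache` set, still calls `ObjectCacheSessionHandler::renewCurrentSession()`. I would keep the result and at least log the failure: `$started = session_start();` and, after `restoreWarnings()`, `if ( !$started ) { wfDebug( __METHOD__ . ": session_start() failed\n" ); }`. The docblock change to `@param bool $sessionId` is narrower than the code, which passes any truthy value straight to `session_id()` and is called with a hex string from wfResetSessionID(); `@param bool|string $sessionId Session id to use, or false to let PHP or wfFixSessionID() pick one` matches the usage.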
/**