Clear block cookie if the value is invalid
authorDayllan Maza <dmaza@wikimedia.org>
Mon, 19 Aug 2019 18:59:25 +0000 (14:59 -0400)
committerDayllan Maza <dmaza@wikimedia.org>
Mon, 19 Aug 2019 18:59:25 +0000 (14:59 -0400)
When a block cookie is present and the block is invalid or doesn't exist,
or the cookie value is invalid or malformed, the cookie is removed.

Bug: T227678
Change-Id: Icaff594686c16a0eb8551b2a4392a14a969b43b0

includes/block/BlockManager.php

index b67703c..a5035bd 100644 (file)
@@ -223,7 +223,7 @@ class BlockManager {
 
        /**
         * Try to load a block from an ID given in a cookie value. If the block is invalid
-        * or doesn't exist, remove the cookie.
+        * doesn't exist, or the cookie value is malformed, remove the cookie.
         *
         * @param UserIdentity $user
         * @param WebRequest $request
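Review bot: The reworded docblock sentence lost a comma and now reads "If the block is invalid doesn't exist, or the cookie value is malformed". The first changed line should end with `If the block is invalid,` so the three conditions form a proper list. The docblock continues below this hunk, so whether the return value is documented cannot be checked from here.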
@@ -233,9 +233,13 @@ class BlockManager {
                UserIdentity $user,
                WebRequest $request
        ) {
-               $blockCookieId = $this->getIdFromCookieValue( $request->getCookie( 'BlockID' ) );
+               $cookieValue = $request->getCookie( 'BlockID' );
+               if ( is_null( $cookieValue ) ) {
+                       return false;
+               }
 
-               if ( $blockCookieId !== null ) {
+               $blockCookieId = $this->getIdFromCookieValue( $cookieValue );
+               if ( !is_null( $blockCookieId ) ) {
                        // TODO: remove dependency on DatabaseBlock
                        $block = DatabaseBlock::newFromID( $blockCookieId );
                        if (
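Review bot: The two null checks added here use `is_null()`, while the line they replace used a strict comparison. `if ( $cookieValue === null ) {` and `if ( $blockCookieId !== null ) {` express the same thing without a function call and match the style that was already in place. The early return also deserves a short comment, for example `// No block cookie was sent: nothing to load and nothing to clear.`, because it is the one path that must not reach clearBlockCookie(). The method's signature begins above this hunk and its body continues below it.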
@@ -244,9 +248,10 @@ class BlockManager {
                        ) {
                                return $block;
                        }
-                       $this->clearBlockCookie( $request->response() );
                }
 
+               $this->clearBlockCookie( $request->response() );
+
                return false;
        }
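Review bot: With `clearBlockCookie()` moved out of the `if`, a cookie value that getIdFromCookieValue() rejects is now discarded without leaving any trace, at the call just before `return false;`. If that helper rejects values that fail an integrity check (its body is not visible here), a rejection can indicate a tampered cookie, and a debug-level log entry that omits the raw value would give operators something to look for. A comment on the call would also help the next reader, e.g. `// Cookie present but unusable (malformed value, unknown ID or block not applicable): remove it.` The condition of the inner `if` lies between the hunks and is not shown, so which blocks count as not applicable cannot be confirmed from this page.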