PF_AutoeditAPI.php logs users out on MediaWiki 1.27+ that use the AuthManager and SessionManager API.
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Alexia
	Mar 15 2018, 7:16 PM

Description

Editing any page with a form logs an user out on a wiki that uses MediaWiki's 1.27 and higher AuthManager and SessionManager API. This patch fixes that, but will most likely break backwards compatibility with MediaWiki lower than 1.27. Before I toss in a Gerrit review for this would you prefer to break backwards compatibility or come up with feature detection?

Tested with PageForms 4.1 and 4.3.

diff --git a/extensions/PageForms/includes/PF_AutoeditAPI.php b/extensions/PageForms/includes/PF_AutoeditAPI.php
index d0d944025..1ea733f59 100644
--- a/extensions/PageForms/includes/PF_AutoeditAPI.php
+++ b/extensions/PageForms/includes/PF_AutoeditAPI.php
@@ -857,11 +857,7 @@ class PFAutoeditAPI extends ApiBase {
             $pageExists = true;
 
             // Spoof $wgRequest for PFFormPrinter::formHTML().
-            if ( isset( $_SESSION ) ) {
-                $wgRequest = new FauxRequest( $this->mOptions, true, $_SESSION );
-            } else {
-                $wgRequest = new FauxRequest( $this->mOptions, true );
-            }
+            $wgRequest = new FauxRequest( $this->mOptions, true, \RequestContext::getMain()->getRequest()->getSession() );
             // Call PFFormPrinter::formHTML() to get at the form
             // HTML of the existing page.
             list( $formHTML, $targetContent, $form_page_title, $generatedTargetNameFormula ) =
@@ -889,11 +885,7 @@ class PFAutoeditAPI extends ApiBase {
         }
 
         // Spoof $wgRequest for PFFormPrinter::formHTML().
-        if ( isset( $_SESSION ) ) {
-            $wgRequest = new FauxRequest( $this->mOptions, true, $_SESSION );
-        } else {
-            $wgRequest = new FauxRequest( $this->mOptions, true );
-        }
+        $wgRequest = new FauxRequest( $this->mOptions, true, \RequestContext::getMain()->getRequest()->getSession() );
 
         // Get wikitext for submitted data and form - call formHTML(),
         // if we haven't called it already.

Details

	Subject	Repo	Branch	Lines +/-
	Replace $SESSION with RequestContext...getSession()	mediawiki/extensions/PageForms	master	+4 -10

Customize query in gerrit

Related Objects

Mentioned In: T257477: Preview fails when $wgRawHtml is activated
Mentioned Here: T257477: Preview fails when $wgRawHtml is activated

Event Timeline

Alexia created this task.Mar 15 2018, 7:16 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 15 2018, 7:16 PM

Alexia updated the task description. (Show Details)Mar 15 2018, 7:17 PM

Seb35 mentioned this in T257477: Preview fails when $wgRawHtml is activated.Jul 8 2020, 4:28 PM

Seeing this task when searching for the task opened in T257477, I did not observe this behaviour on any wiki (public wiki, private wiki, private wiki with $wgRawHtml activated), at least with recent versions (1.34 as of writing), and applying the provided patch did not fix the bug reported there. @Alexia Does this bug still exist? And if yes how to reproduce it exactly?

Anyway the patch provided should probably be applied to use the centralised session management from MediaWiki.

Change 790439 had a related patch set uploaded (by Yaron Koren; author: Yaron Koren):

[mediawiki/extensions/PageForms@master] Replace $SESSION with RequestContext...getSession()

https://gerrit.wikimedia.org/r/790439

gerritbot added a project: Patch-For-Review.May 10 2022, 8:29 PM

Change 790439 merged by jenkins-bot: