Page MenuHomePhabricator

PF_AutoeditAPI.php logs users out on MediaWiki 1.27+ that use the AuthManager and SessionManager API.
Open, Needs TriagePublic

Description

Editing any page with a form logs an user out on a wiki that uses MediaWiki's 1.27 and higher AuthManager and SessionManager API. This patch fixes that, but will most likely break backwards compatibility with MediaWiki lower than 1.27. Before I toss in a Gerrit review for this would you prefer to break backwards compatibility or come up with feature detection?

Tested with PageForms 4.1 and 4.3.

diff --git a/extensions/PageForms/includes/PF_AutoeditAPI.php b/extensions/PageForms/includes/PF_AutoeditAPI.php
index d0d944025..1ea733f59 100644
--- a/extensions/PageForms/includes/PF_AutoeditAPI.php
+++ b/extensions/PageForms/includes/PF_AutoeditAPI.php
@@ -857,11 +857,7 @@ class PFAutoeditAPI extends ApiBase {
             $pageExists = true;
 
             // Spoof $wgRequest for PFFormPrinter::formHTML().
-            if ( isset( $_SESSION ) ) {
-                $wgRequest = new FauxRequest( $this->mOptions, true, $_SESSION );
-            } else {
-                $wgRequest = new FauxRequest( $this->mOptions, true );
-            }
+            $wgRequest = new FauxRequest( $this->mOptions, true, \RequestContext::getMain()->getRequest()->getSession() );
             // Call PFFormPrinter::formHTML() to get at the form
             // HTML of the existing page.
             list( $formHTML, $targetContent, $form_page_title, $generatedTargetNameFormula ) =
@@ -889,11 +885,7 @@ class PFAutoeditAPI extends ApiBase {
         }
 
         // Spoof $wgRequest for PFFormPrinter::formHTML().
-        if ( isset( $_SESSION ) ) {
-            $wgRequest = new FauxRequest( $this->mOptions, true, $_SESSION );
-        } else {
-            $wgRequest = new FauxRequest( $this->mOptions, true );
-        }
+        $wgRequest = new FauxRequest( $this->mOptions, true, \RequestContext::getMain()->getRequest()->getSession() );
 
         // Get wikitext for submitted data and form - call formHTML(),
         // if we haven't called it already.

Event Timeline

Alexia created this task.Mar 15 2018, 7:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 15 2018, 7:16 PM
Alexia updated the task description. (Show Details)Mar 15 2018, 7:17 PM