Page MenuHomePhabricator

Clear block cookie if the value is invalid
Closed, ResolvedPublic2 Estimated Story Points


The value of a block cookie should begin with a block ID. In BlockManager::getBlockFromCookieValue, if this ID points to an invalid (e.g. expired) block, the cookie is cleared; however, if it does not begin with a block ID (or contains an invalid hash), it is not currently cleared. It should be cleared in both cases.

Event Timeline

Restricted Application added subscribers: MGChecker, Aklapper. ยท View Herald TranscriptJul 10 2019, 3:44 PM
Niharika triaged this task as Medium priority.Jul 31 2019, 4:09 PM
Niharika set the point value for this task to 2.
dbarratt removed dbarratt as the assignee of this task.Aug 8 2019, 8:41 PM
dbarratt added a subscriber: dbarratt.

Change 530946 had a related patch set uploaded (by Dmaza; owner: Dmaza):
[mediawiki/core@master] Clear block cookie if the value is invalid

Change 530946 merged by jenkins-bot:
[mediawiki/core@master] Clear block cookie if the value is invalid

dom_walden added a subscriber: dom_walden.

If I attempt to modify a block cookie (e.g. changing the hash value, block id, invalid format) it gets cleared when I attempt to edit a page (either using VisualEditor or source editor) or create an account.

This is the case for both User (autoblock) and IP cookies.

Regression-wise, the correct block is still being set from the cookie (which is what the function we have modified, getBlockFromCookieValue, is supposed to do).

dmaza closed this task as Resolved.Aug 22 2019, 1:58 PM