Change Details

| Продукт | Версия | MediaWiki | 1.31.6 (c168a3f) 20:28, 19 декабря 2019 | PHP | 7.4.2 (fpm-fcgi) | MariaDB | 10.3.21-MariaDB-1:10.3.21+maria~disco-log | ICU | 64.2 | LuaSandbox | 3.0.3 | Lua | 5.1.5 |LilyPond | 2.18.2 | In PHP 7.4 a bug was fixed: [[ http://bugs.php.net/78929 | Bug #78929, plus signs in cookie values are converted to spaces ]]. Now, I cannot login under a username consisting of two words. One-word usernames still work. The login screen displays the username with a plus sign instead of the space. If I keep it, login fails with "wrong username or password". If I replace it with a space, I am redirected to the page version shown to anonymous users, and my subsequent edits are anonymous. The cookies for user name and user ID are set correctly. The debug log says: ``` … User: cache miss for user 22 … User: loading options for user 22 from database … Session "ecd5g7rtb2mnckj8mg5tben39blchujn" requested with mismatched UserID and UserName cookies. … [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" is unsaved, marking dirty in constructor [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" save: dataDirty=1 metaDirty=1 forcePersist=0 [cookie] setcookie: "…_session", "", "1548417355", "/", "", "", "1" [cookie] setcookie: "…UserID", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "…Token", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "forceHTTPS", "", "1548417355", "/", "", "", "1" … ``` `LocalSettings.php`: ``` $wgSessionCacheType = CACHE_DB; ``` `php.ini`: ``` session.save_handler = files session.save_path = "/var/cache/session" ``` I have managed to temporarily fix the isuue by wrapping `$this->getCookie( $request, 'UserName', $prefix )` in `CookieSessionProvider::getUserInfoFromCookies ()` with `urldecode ()`.

| Продукт | Версия | MediaWiki | 1.31.6 (c168a3f) 20:28, 19 декабря 2019 | PHP | 7.4.2 (fpm-fcgi) | MariaDB | 10.3.21-MariaDB-1:10.3.21+maria~disco-log | ICU | 64.2 | LuaSandbox | 3.0.3 | Lua | 5.1.5 |LilyPond | 2.18.2 | In PHP 7.4 a bug was fixed: [[ http://bugs.php.net/78929 | Bug #78929, plus signs in cookie values are converted to spaces ]]. Now, I cannot login under a username consisting of two words. One-word usernames still work. The login screen displays the username with a plus sign instead of the space. If I keep it, login fails with "wrong username or password". If I replace it with a space, I am redirected to the page version shown to anonymous users, and my subsequent edits are anonymous. The cookies for user name and user ID are set correctly. The debug log says: ``` … User: cache miss for user 22 … User: loading options for user 22 from database … Session "ecd5g7rtb2mnckj8mg5tben39blchujn" requested with mismatched UserID and UserName cookies. … [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" is unsaved, marking dirty in constructor [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" save: dataDirty=1 metaDirty=1 forcePersist=0 [cookie] setcookie: "…_session", "", "1548417355", "/", "", "", "1" [cookie] setcookie: "…UserID", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "…Token", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "forceHTTPS", "", "1548417355", "/", "", "", "1" … ``` `LocalSettings.php`: ``` $wgSessionCacheType = CACHE_DB; ``` `php.ini`: ``` session.save_handler = files session.save_path = "/var/cache/session" ``` I have managed to temporarily fix the issue by wrapping `$this->getCookie( $request, 'UserName', $prefix )` in `CookieSessionProvider::getUserInfoFromCookies ()` with `urldecode ()`.

| Продукт | Версия | MediaWiki | 1.31.6 (c168a3f) 20:28, 19 декабря 2019 | PHP | 7.4.2 (fpm-fcgi) | MariaDB | 10.3.21-MariaDB-1:10.3.21+maria~disco-log | ICU | 64.2 | LuaSandbox | 3.0.3 | Lua | 5.1.5 |LilyPond | 2.18.2 | In PHP 7.4 a bug was fixed: [[ http://bugs.php.net/78929 | Bug #78929, plus signs in cookie values are converted to spaces ]]. Now, I cannot login under a username consisting of two words. One-word usernames still work. The login screen displays the username with a plus sign instead of the space. If I keep it, login fails with "wrong username or password". If I replace it with a space, I am redirected to the page version shown to anonymous users, and my subsequent edits are anonymous. The cookies for user name and user ID are set correctly. The debug log says: ``` … User: cache miss for user 22 … User: loading options for user 22 from database … Session "ecd5g7rtb2mnckj8mg5tben39blchujn" requested with mismatched UserID and UserName cookies. … [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" is unsaved, marking dirty in constructor [session] SessionBackend "834q3173a0ovtdfqocreua0pq447su39" save: dataDirty=1 metaDirty=1 forcePersist=0 [cookie] setcookie: "…_session", "", "1548417355", "/", "", "", "1" [cookie] setcookie: "…UserID", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "…Token", "", "1548417355", "/", "", "", "1" [cookie] already deleted setcookie: "forceHTTPS", "", "1548417355", "/", "", "", "1" … ``` `LocalSettings.php`: ``` $wgSessionCacheType = CACHE_DB; ``` `php.ini`: ``` session.save_handler = files session.save_path = "/var/cache/session" ``` I have managed to temporarily fix the isuueissue by wrapping `$this->getCookie( $request, 'UserName', $prefix )` in `CookieSessionProvider::getUserInfoFromCookies ()` with `urldecode ()`.