/** * Get a hash of a file's contents, either by retrieving a previously- * computed hash from the cache, or by computing a hash from the file. * * @private * @param string $filePath Full path to the file. * @param string $algo Name of selected hashing algorithm. * @return string|bool Hash of file contents, or false if the file could not be read. */ public function getFileContentsHashInternal($filePath, $algo = 'md4') { $mtime = MediaWiki\quietCall('filemtime', $filePath); if ($mtime === false) { return false; } $cacheKey = wfGlobalCacheKey(__CLASS__, $filePath, $mtime, $algo); $hash = $this->cache->get($cacheKey); if ($hash) { return $hash; } $contents = MediaWiki\quietCall('file_get_contents', $filePath); if ($contents === false) { return false; } $hash = hash($algo, $contents); $this->cache->set($cacheKey, $hash, 60 * 60 * 24); // 24h return $hash; }
$list[] = $info->getProvider()->describe($wgContLang); } $list = $wgContLang->listToText($list); throw new HttpError(400, Message::newFromKey('sessionmanager-tie', $list)->inLanguage($wgContLang)->plain()); } // Not the one we want, rethrow throw $ex; } if ($session->isPersistent()) { $wgInitialSessionId = $session->getSessionId(); } $session->renew(); if (MediaWiki\Session\PHPSessionHandler::isEnabled() && ($session->isPersistent() || $session->shouldRememberUser())) { // Start the PHP-session for backwards compatibility session_id($session->getId()); MediaWiki\quietCall('session_start'); } unset($session); } else { // Even if we didn't set up a global Session, still install our session // handler unless specifically requested not to. if (!defined('MW_NO_SESSION_HANDLER')) { MediaWiki\Session\PHPSessionHandler::install(MediaWiki\Session\SessionManager::singleton()); } } Profiler::instance()->scopedProfileOut($ps_session); /** * @var User $wgUser */ $wgUser = RequestContext::getMain()->getUser(); // BackCompat
/** * Import an client IP address, HTTP headers, user ID, and session ID * * This sets the current session, $wgUser, and $wgRequest from $params. * Once the return value falls out of scope, the old context is restored. * This method should only be called in contexts where there is no session * ID or end user receiving the response (CLI or HTTP job runners). This * is partly enforced, and is done so to avoid leaking cookies if certain * error conditions arise. * * This is useful when background scripts inherit context when acting on * behalf of a user. In general the 'sessionId' parameter should be set * to an empty string unless session importing is *truly* needed. This * feature is somewhat deprecated. * * @note suhosin.session.encrypt may interfere with this method. * * @param array $params Result of RequestContext::exportSession() * @return ScopedCallback * @throws MWException * @since 1.21 */ public static function importScopedSession(array $params) { if (strlen($params['sessionId']) && MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent()) { // Sanity check to avoid sending random cookies for the wrong users. // This method should only called by CLI scripts or by HTTP job runners. throw new MWException("Sessions can only be imported when none is active."); } elseif (!IP::isValid($params['ip'])) { throw new MWException("Invalid client IP address '{$params['ip']}'."); } if ($params['userId']) { // logged-in user $user = User::newFromId($params['userId']); $user->load(); if (!$user->getId()) { throw new MWException("No user with ID '{$params['userId']}'."); } } else { // anon user $user = User::newFromName($params['ip'], false); } $importSessionFunc = function (User $user, array $params) { global $wgRequest, $wgUser; $context = RequestContext::getMain(); // Commit and close any current session if (MediaWiki\Session\PHPSessionHandler::isEnabled()) { session_write_close(); // persist session_id(''); // detach $_SESSION = []; // clear in-memory array } // Get new session, if applicable $session = null; if (strlen($params['sessionId'])) { // don't make a new random ID $manager = MediaWiki\Session\SessionManager::singleton(); $session = $manager->getSessionById($params['sessionId'], true) ?: $manager->getEmptySession(); } // Remove any user IP or agent information, and attach the request // with the new session. $context->setRequest(new FauxRequest([], false, $session)); $wgRequest = $context->getRequest(); // b/c // Now that all private information is detached from the user, it should // be safe to load the new user. If errors occur or an exception is thrown // and caught (leaving the main context in a mixed state), there is no risk // of the User object being attached to the wrong IP, headers, or session. $context->setUser($user); $wgUser = $context->getUser(); // b/c if ($session && MediaWiki\Session\PHPSessionHandler::isEnabled()) { session_id($session->getId()); MediaWiki\quietCall('session_start'); } $request = new FauxRequest([], false, $session); $request->setIP($params['ip']); foreach ($params['headers'] as $name => $value) { $request->setHeader($name, $value); } // Set the current context to use the new WebRequest $context->setRequest($request); $wgRequest = $context->getRequest(); // b/c }; // Stash the old session and load in the new one $oUser = self::getMain()->getUser(); $oParams = self::getMain()->exportSession(); $oRequest = self::getMain()->getRequest(); $importSessionFunc($user, $params); // Set callback to save and close the new session and reload the old one return new ScopedCallback(function () use($importSessionFunc, $oUser, $oParams, $oRequest) { global $wgRequest; $importSessionFunc($oUser, $oParams); // Restore the exact previous Request object (instead of leaving FauxRequest) RequestContext::getMain()->setRequest($oRequest); $wgRequest = RequestContext::getMain()->getRequest(); // b/c }); }
/** * Initialise php session * * @deprecated since 1.27, use MediaWiki\Session\SessionManager instead. * Generally, "using" SessionManager will be calling ->getSessionById() or * ::getGlobalSession() (depending on whether you were passing $sessionId * here), then calling $session->persist(). * @param bool|string $sessionId */ function wfSetupSession($sessionId = false) { wfDeprecated(__FUNCTION__, '1.27'); if ($sessionId) { session_id($sessionId); } $session = SessionManager::getGlobalSession(); $session->persist(); if (session_id() !== $session->getId()) { session_id($session->getId()); } MediaWiki\quietCall('session_start'); }
/** * Initialise php session * * @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead. * Generally, "using" SessionManager will be calling ->getSessionById() or * ::getGlobalSession() (depending on whether you were passing $sessionId * here), then calling $session->persist(). * @param bool|string $sessionId */ function wfSetupSession($sessionId = false) { wfDeprecated(__FUNCTION__, '1.27'); // If they're calling this, they probably want our session management even // if NO_SESSION was set for Setup.php. if (!MediaWiki\Session\PHPSessionHandler::isInstalled()) { MediaWiki\Session\PHPSessionHandler::install(SessionManager::singleton()); } if ($sessionId) { session_id($sessionId); } $session = SessionManager::getGlobalSession(); $session->persist(); if (session_id() !== $session->getId()) { session_id($session->getId()); } MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate'); MediaWiki\quietCall('session_start'); }
public function testResetIdOfGlobalSession() { if (!PHPSessionHandler::isInstalled()) { PHPSessionHandler::install(SessionManager::singleton()); } if (!PHPSessionHandler::isEnabled()) { $rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance'); $rProp->setAccessible(true); $handler = \TestingAccessWrapper::newFromObject($rProp->getValue()); $resetHandler = new \ScopedCallback(function () use($handler) { session_write_close(); $handler->enable = false; }); $handler->enable = true; } $backend = $this->getBackend(User::newFromName('UTSysop')); \TestingAccessWrapper::newFromObject($backend)->usePhpSessionHandling = true; TestUtils::setSessionManagerSingleton($this->manager); $manager = \TestingAccessWrapper::newFromObject($this->manager); $request = \RequestContext::getMain()->getRequest(); $manager->globalSession = $backend->getSession($request); $manager->globalSessionRequest = $request; session_id(self::SESSIONID); \MediaWiki\quietCall('session_start'); $backend->resetId(); $this->assertNotEquals(self::SESSIONID, $backend->getId()); $this->assertSame($backend->getId(), session_id()); session_write_close(); session_id(''); $this->assertNotSame($backend->getId(), session_id(), 'sanity check'); $backend->persist(); $this->assertSame($backend->getId(), session_id()); session_write_close(); }
/** * For backwards compatibility, open the PHP session when the global * session is persisted */ private function checkPHPSession() { if (!$this->checkPHPSessionRecursionGuard) { $this->checkPHPSessionRecursionGuard = true; $reset = new \ScopedCallback(function () { $this->checkPHPSessionRecursionGuard = false; }); if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) { $this->logger->debug('SessionBackend "{session}" Taking over PHP session', ['session' => $this->id]); session_id((string) $this->id); \MediaWiki\quietCall('session_start'); } } }
/** * For backwards compatibility, open the PHP session when the global * session is persisted */ private function checkPHPSession() { if (!$this->checkPHPSessionRecursionGuard) { $this->checkPHPSessionRecursionGuard = true; $ref =& $this->checkPHPSessionRecursionGuard; $reset = new \ScopedCallback(function () use(&$ref) { $ref = false; }); if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) { $this->logger->debug("SessionBackend {$this->id}: Taking over PHP session"); session_id((string) $this->id); \MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate'); \MediaWiki\quietCall('session_start'); } } }