/**
* Get a hash of a file's contents, either by retrieving a previously-
* computed hash from the cache, or by computing a hash from the file.
*
* @private
* @param string $filePath Full path to the file.
* @param string $algo Name of selected hashing algorithm.
* @return string|bool Hash of file contents, or false if the file could not be read.
*/
public function getFileContentsHashInternal($filePath, $algo = 'md4')
{
$mtime = MediaWiki\quietCall('filemtime', $filePath);
if ($mtime === false) {
return false;
}
$cacheKey = wfGlobalCacheKey(__CLASS__, $filePath, $mtime, $algo);
$hash = $this->cache->get($cacheKey);
if ($hash) {
return $hash;
}
$contents = MediaWiki\quietCall('file_get_contents', $filePath);
if ($contents === false) {
return false;
}
$hash = hash($algo, $contents);
$this->cache->set($cacheKey, $hash, 60 * 60 * 24);
// 24h
return $hash;
}
$list[] = $info->getProvider()->describe($wgContLang);
}
$list = $wgContLang->listToText($list);
throw new HttpError(400, Message::newFromKey('sessionmanager-tie', $list)->inLanguage($wgContLang)->plain());
}
// Not the one we want, rethrow
throw $ex;
}
if ($session->isPersistent()) {
$wgInitialSessionId = $session->getSessionId();
}
$session->renew();
if (MediaWiki\Session\PHPSessionHandler::isEnabled() && ($session->isPersistent() || $session->shouldRememberUser())) {
// Start the PHP-session for backwards compatibility
session_id($session->getId());
MediaWiki\quietCall('session_start');
}
unset($session);
} else {
// Even if we didn't set up a global Session, still install our session
// handler unless specifically requested not to.
if (!defined('MW_NO_SESSION_HANDLER')) {
MediaWiki\Session\PHPSessionHandler::install(MediaWiki\Session\SessionManager::singleton());
}
}
Profiler::instance()->scopedProfileOut($ps_session);
/**
* @var User $wgUser
*/
$wgUser = RequestContext::getMain()->getUser();
// BackCompat
/**
* Import an client IP address, HTTP headers, user ID, and session ID
*
* This sets the current session, $wgUser, and $wgRequest from $params.
* Once the return value falls out of scope, the old context is restored.
* This method should only be called in contexts where there is no session
* ID or end user receiving the response (CLI or HTTP job runners). This
* is partly enforced, and is done so to avoid leaking cookies if certain
* error conditions arise.
*
* This is useful when background scripts inherit context when acting on
* behalf of a user. In general the 'sessionId' parameter should be set
* to an empty string unless session importing is *truly* needed. This
* feature is somewhat deprecated.
*
* @note suhosin.session.encrypt may interfere with this method.
*
* @param array $params Result of RequestContext::exportSession()
* @return ScopedCallback
* @throws MWException
* @since 1.21
*/
public static function importScopedSession(array $params)
{
if (strlen($params['sessionId']) && MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent()) {
// Sanity check to avoid sending random cookies for the wrong users.
// This method should only called by CLI scripts or by HTTP job runners.
throw new MWException("Sessions can only be imported when none is active.");
} elseif (!IP::isValid($params['ip'])) {
throw new MWException("Invalid client IP address '{$params['ip']}'.");
}
if ($params['userId']) {
// logged-in user
$user = User::newFromId($params['userId']);
$user->load();
if (!$user->getId()) {
throw new MWException("No user with ID '{$params['userId']}'.");
}
} else {
// anon user
$user = User::newFromName($params['ip'], false);
}
$importSessionFunc = function (User $user, array $params) {
global $wgRequest, $wgUser;
$context = RequestContext::getMain();
// Commit and close any current session
if (MediaWiki\Session\PHPSessionHandler::isEnabled()) {
session_write_close();
// persist
session_id('');
// detach
$_SESSION = [];
// clear in-memory array
}
// Get new session, if applicable
$session = null;
if (strlen($params['sessionId'])) {
// don't make a new random ID
$manager = MediaWiki\Session\SessionManager::singleton();
$session = $manager->getSessionById($params['sessionId'], true) ?: $manager->getEmptySession();
}
// Remove any user IP or agent information, and attach the request
// with the new session.
$context->setRequest(new FauxRequest([], false, $session));
$wgRequest = $context->getRequest();
// b/c
// Now that all private information is detached from the user, it should
// be safe to load the new user. If errors occur or an exception is thrown
// and caught (leaving the main context in a mixed state), there is no risk
// of the User object being attached to the wrong IP, headers, or session.
$context->setUser($user);
$wgUser = $context->getUser();
// b/c
if ($session && MediaWiki\Session\PHPSessionHandler::isEnabled()) {
session_id($session->getId());
MediaWiki\quietCall('session_start');
}
$request = new FauxRequest([], false, $session);
$request->setIP($params['ip']);
foreach ($params['headers'] as $name => $value) {
$request->setHeader($name, $value);
}
// Set the current context to use the new WebRequest
$context->setRequest($request);
$wgRequest = $context->getRequest();
// b/c
};
// Stash the old session and load in the new one
$oUser = self::getMain()->getUser();
$oParams = self::getMain()->exportSession();
$oRequest = self::getMain()->getRequest();
$importSessionFunc($user, $params);
// Set callback to save and close the new session and reload the old one
return new ScopedCallback(function () use($importSessionFunc, $oUser, $oParams, $oRequest) {
global $wgRequest;
$importSessionFunc($oUser, $oParams);
// Restore the exact previous Request object (instead of leaving FauxRequest)
RequestContext::getMain()->setRequest($oRequest);
$wgRequest = RequestContext::getMain()->getRequest();
// b/c
});
}
/**
* Initialise php session
*
* @deprecated since 1.27, use MediaWiki\Session\SessionManager instead.
* Generally, "using" SessionManager will be calling ->getSessionById() or
* ::getGlobalSession() (depending on whether you were passing $sessionId
* here), then calling $session->persist().
* @param bool|string $sessionId
*/
function wfSetupSession($sessionId = false)
{
wfDeprecated(__FUNCTION__, '1.27');
if ($sessionId) {
session_id($sessionId);
}
$session = SessionManager::getGlobalSession();
$session->persist();
if (session_id() !== $session->getId()) {
session_id($session->getId());
}
MediaWiki\quietCall('session_start');
}
/**
* Initialise php session
*
* @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead.
* Generally, "using" SessionManager will be calling ->getSessionById() or
* ::getGlobalSession() (depending on whether you were passing $sessionId
* here), then calling $session->persist().
* @param bool|string $sessionId
*/
function wfSetupSession($sessionId = false)
{
wfDeprecated(__FUNCTION__, '1.27');
// If they're calling this, they probably want our session management even
// if NO_SESSION was set for Setup.php.
if (!MediaWiki\Session\PHPSessionHandler::isInstalled()) {
MediaWiki\Session\PHPSessionHandler::install(SessionManager::singleton());
}
if ($sessionId) {
session_id($sessionId);
}
$session = SessionManager::getGlobalSession();
$session->persist();
if (session_id() !== $session->getId()) {
session_id($session->getId());
}
MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate');
MediaWiki\quietCall('session_start');
}
public function testResetIdOfGlobalSession()
{
if (!PHPSessionHandler::isInstalled()) {
PHPSessionHandler::install(SessionManager::singleton());
}
if (!PHPSessionHandler::isEnabled()) {
$rProp = new \ReflectionProperty('MediaWiki\\Session\\PHPSessionHandler', 'instance');
$rProp->setAccessible(true);
$handler = \TestingAccessWrapper::newFromObject($rProp->getValue());
$resetHandler = new \ScopedCallback(function () use($handler) {
session_write_close();
$handler->enable = false;
});
$handler->enable = true;
}
$backend = $this->getBackend(User::newFromName('UTSysop'));
\TestingAccessWrapper::newFromObject($backend)->usePhpSessionHandling = true;
TestUtils::setSessionManagerSingleton($this->manager);
$manager = \TestingAccessWrapper::newFromObject($this->manager);
$request = \RequestContext::getMain()->getRequest();
$manager->globalSession = $backend->getSession($request);
$manager->globalSessionRequest = $request;
session_id(self::SESSIONID);
\MediaWiki\quietCall('session_start');
$backend->resetId();
$this->assertNotEquals(self::SESSIONID, $backend->getId());
$this->assertSame($backend->getId(), session_id());
session_write_close();
session_id('');
$this->assertNotSame($backend->getId(), session_id(), 'sanity check');
$backend->persist();
$this->assertSame($backend->getId(), session_id());
session_write_close();
}
/**
* For backwards compatibility, open the PHP session when the global
* session is persisted
*/
private function checkPHPSession()
{
if (!$this->checkPHPSessionRecursionGuard) {
$this->checkPHPSessionRecursionGuard = true;
$reset = new \ScopedCallback(function () {
$this->checkPHPSessionRecursionGuard = false;
});
if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) {
$this->logger->debug('SessionBackend "{session}" Taking over PHP session', ['session' => $this->id]);
session_id((string) $this->id);
\MediaWiki\quietCall('session_start');
}
}
}
/**
* For backwards compatibility, open the PHP session when the global
* session is persisted
*/
private function checkPHPSession()
{
if (!$this->checkPHPSessionRecursionGuard) {
$this->checkPHPSessionRecursionGuard = true;
$ref =& $this->checkPHPSessionRecursionGuard;
$reset = new \ScopedCallback(function () use(&$ref) {
$ref = false;
});
if ($this->usePhpSessionHandling && session_id() === '' && PHPSessionHandler::isEnabled() && SessionManager::getGlobalSession()->getId() === (string) $this->id) {
$this->logger->debug("SessionBackend {$this->id}: Taking over PHP session");
session_id((string) $this->id);
\MediaWiki\quietCall('session_cache_limiter', 'private, must-revalidate');
\MediaWiki\quietCall('session_start');
}
}
}
