Page MenuHomePhabricator
Create Task
Maniphest T41674

User::load() does not account for failure to load from session.
Closed, ResolvedPublic
Actions

Description

It seems when a user is loaded from session, but the UserLoadFromSession hook aborts the process (by settings $result to false), User::load() will just not do anything. In other words, when a hook aborts, the User private variables are not initialized, meaning $mId and $mName are still null rather than false. Because of this, MediaWiki thinks the user is logged in and has a blank username, causing an exception to be thrown when the personal URLs are generated in SkinTemplate::loadPersonalUrls(). This occurred using Git master.

Steps to reproduce:

  1. Add this function somewhere:

function wfBugTest( $user, &$result ) {

$result = false;
return true;

}

  1. Add the function into the UserLoadFromSession hook.
  2. Try to access the wiki.

Expected Result: User is logged out no matter what.
Actual Result: Exception is thrown (details below).

MediaWiki internal error.

Original exception: exception 'MWException' with message 'SkinTemplate::makeTalkUrlDetails given invalid pagename User:' in /var/www/site/wiki/includes/SkinTemplate.php:727
Stack trace:
#0 /var/www/site/wiki/includes/SkinTemplate.php(654): SkinTemplate->makeTalkUrlDetails('User:')
#1 /var/www/site/wiki/includes/SkinTemplate.php(455): SkinTemplate->buildPersonalUrls()
#2 /var/www/site/wiki/includes/OutputPage.php(1998): SkinTemplate->outputPage()
#3 /var/www/site/wiki/includes/Wiki.php(543): OutputPage->output()
#4 /var/www/site/wiki/includes/Wiki.php(446): MediaWiki->main()
#5 /var/www/site/wiki/index.php(58): MediaWiki->run()
#6 {main}

Exception caught inside exception handler: exception 'MWException' with message 'SkinTemplate::makeTalkUrlDetails given invalid pagename User:' in /var/www/site/wiki/includes/SkinTemplate.php:727
Stack trace:
#0 /var/www/site/wiki/includes/SkinTemplate.php(654): SkinTemplate->makeTalkUrlDetails('User:')
#1 /var/www/site/wiki/includes/SkinTemplate.php(455): SkinTemplate->buildPersonalUrls()
#2 /var/www/site/wiki/includes/OutputPage.php(1998): SkinTemplate->outputPage()
#3 /var/www/site/wiki/includes/Exception.php(227): OutputPage->output()
#4 /var/www/site/wiki/includes/Exception.php(273): MWException->reportHTML()
#5 /var/www/site/wiki/includes/Exception.php(624): MWException->report()
#6 /var/www/site/wiki/includes/Exception.php(705): MWExceptionHandler::report(Object(MWException))
#7 /var/www/site/wiki/includes/Wiki.php(449): MWExceptionHandler::handle(Object(MWException))
#8 /var/www/site/wiki/index.php(58): MediaWiki->run()
#9 {main}

Version: unspecified
Severity: normal

Details

Reference
bz39674

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:11 AM
bzimport added a project: MediaWiki-General.
bzimport set Reference to bz39674.
Parent5446 created this task.Aug 27 2012, 2:23 AM
Parent5446 added a comment.Aug 27 2012, 2:26 AM

Seems to be because, although User::loadFromSession() calls loadDefaults() almost any time it fails, the one time it doesn't call it is when the hook aborts.

Parent5446 added a comment.Aug 27 2012, 2:33 AM

https://gerrit.wikimedia.org/r/21546

Dereckson added a comment.Aug 27 2012, 9:23 AM

[ Bug assigned to code submitter. Priority: normal. ]

Dereckson added a comment.Aug 27 2012, 10:45 AM

Adding catrope as cc, as he reviewed previous login/session MediaWiki core bugs.

Parent5446 added a comment.Sep 28 2012, 2:02 PM

Merged in change linked above.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL