[MediaWiki-commits] [Gerrit] User::isSafeToLoad() should return false if MW_NO_SESSION - change (mediawiki/core)

[jenkins-bot (Code Review)]

jenkins-bot has submitted this change and it was merged.

Change subject: User::isSafeToLoad() should return false if MW_NO_SESSION
......................................................................


User::isSafeToLoad() should return false if MW_NO_SESSION

Because it's never safe.

Bug: T127233
Change-Id: Ieb5824f1668dc38d1be7c7cbf799da17e581c555
---
M includes/user/User.php
1 file changed, 14 insertions(+), 4 deletions(-)

Approvals:
  Krinkle: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/user/User.php b/includes/user/User.php
index eb3853a..7485591 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -315,9 +315,12 @@
        }
 
        /**
-        * Test if it's safe to load this User object. You should typically 
check this before using
-        * $wgUser or RequestContext::getUser in a method that might be called 
before the system has
-        * been fully initialized. If the object is unsafe, you should use an 
anonymous user:
+        * Test if it's safe to load this User object.
+        *
+        * You should typically check this before using $wgUser or
+        * RequestContext::getUser in a method that might be called before the
+        * system has been fully initialized. If the object is unsafe, you 
should
+        * use an anonymous user:
         * \code
         * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
         * \endcode
@@ -327,7 +330,14 @@
         */
        public function isSafeToLoad() {
                global $wgFullyInitialised;
-               return $wgFullyInitialised || $this->mLoadedItems === true || 
$this->mFrom !== 'session';
+
+               // The user is safe to load if:
+               // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true 
(safe to use session data)
+               // * mLoadedItems === true (already loaded)
+               // * mFrom !== 'session' (sessions not involved at all)
+
+               return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
+                       $this->mLoadedItems === true || $this->mFrom !== 
'session';
        }
 
        /**

-- 
To view, visit https://gerrit.wikimedia.org/r/272893
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ieb5824f1668dc38d1be7c7cbf799da17e581c555
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Krinkle <krinklem...@gmail.com>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits