Last modified: 2013-12-20 21:03:09 UTC
The fatal stack trace in Bug 58705 suggests that calling $wgLang->getDir() to determine RTL direction can trigger establishing a user, which can run the UserLoadFromSession hook, in response OAuth's getOAuthAccessToken() calls $title->isSpecial()... which crashes with "Fatal error: Call to a member function isSpecial() on a non-object" because if you do this early enough, RequestContext::getMain() ->getTitle() doesn't return a title object. Bug 58380 ended up at the same fatal It seems there enough ways this could fail that the getOAuthAccessToken() function should guard against it.
Note that "check the title" means either "throw an MWException" or "figure out a way to do this same check that doesn't involve RequestContext::getMain()->getTitle() at all". Suggestions welcome. Both of the fatals so far were caused by other extensions trying to access the User object from $wgExtensionHooks, which now has documentation saying not to do that.
Thanks for opening the bug S. I've been trying to think of a better way to do this for a while. Brad, should onUserLoadFromSession check if this is an api call, and only fill the user object if so? Then we can skip the check if it's a special page.
It *could*, I suppose. I think it's nice that OAuth can work for the whole site and not just the API though.
Fixing 41201 would be even better.