Tim Starling has submitted this change and it was merged. Change subject: Deal with garbage user_token values in the DB. ......................................................................
Deal with garbage user_token values in the DB. Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f --- M includes/User.php 1 file changed, 5 insertions(+), 2 deletions(-) Approvals: Tim Starling: Verified; Looks good to me, approved diff --git a/includes/User.php b/includes/User.php index ee2635c..ceef238 100644 --- a/includes/User.php +++ b/includes/User.php @@ -980,10 +980,13 @@ } if ( $request->getSessionData( 'wsToken' ) ) { - $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ); + $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) ); $from = 'session'; } elseif ( $request->getCookie( 'Token' ) ) { - $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' ); + # Get the token from DB/cache and clean it up to remove garbage padding. + # This deals with historical problems with bugs and the default column value. + $token = rtrim( $proposedUser->getToken( false ) ); // correct token + $passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) ); $from = 'cookie'; } else { # No session or persistent login cookie -- To view, visit https://gerrit.wikimedia.org/r/51221 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.21wmf10 Gerrit-Owner: Tim Starling <tstarl...@wikimedia.org> Gerrit-Reviewer: Aaron Schulz <asch...@wikimedia.org> Gerrit-Reviewer: Tim Starling <tstarl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits