https://bugzilla.wikimedia.org/show_bug.cgi?id=31613
Christoph Kepper <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |christoph.kepper@pediapress | |.com --- Comment #4 from Christoph Kepper <[email protected]> 2011-10-26 12:56:12 UTC --- As far as I can see, there is a logical problem in $wgUser->matchEditToken(). (includes/User.php L3228) public function matchEditToken( $val, $salt = '', $request = null ) { $sessionToken = $this->editToken( $salt, $request ); if ( $val != $sessionToken ) { wfDebug( "User::matchEditToken: broken session data\n" \ ); } return $val == $sessionToken; } The token ($val) has to be inserted in the request, but $sessionToken is hashed with the request. Therefore, the token inserted in the request can NEVER match the original $wgUser->editToken(). -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
