"Dantman" posted a comment on MediaWiki.r110825. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/110825#c30539
Commit summary for MediaWiki.r110825: (bug 34237) Regenerate an empty user_token and save to the database when we try to set the user's cookies for login. This allows the entire user_token column to be regenerated after a leak by running `UPDATE user SET user_token = NULL;` and letting the user_tokens be regenerated as users try to log back in. Dantman's comment: Btw, anyone who wants to should feel free to update the user_token schema to remove the `NOT NULL`. This code still works when you use '' instead of NULL so I didn't bother writing a schema update. Especially considering you can't remove a `NOT NULL` without also specifying the column type. Tagged for a 1.19 revert since it's new code and we can just defer it to 1.20. _______________________________________________ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview