Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deal with garbage user_token values in the DB.

Browse source 
Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f
This commit is contained in:
ASchulz 2013-02-26 17:01:41 -08:00 committed by Gerrit Code Review
parent 018686256b
commit a6ac08128d
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
includes/User.php
View file

@ -980,10 +980,13 @@ class User {
}
if ( $request->getSessionData( 'wsToken' ) ) {
$passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
$passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
$from = 'session';
} elseif ( $request->getCookie( 'Token' ) ) {
$passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
# Get the token from DB/cache and clean it up to remove garbage padding.
# This deals with historical problems with bugs and the default column value.
$token = rtrim( $proposedUser->getToken( false ) ); // correct token
$passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) );
$from = 'cookie';
} else {
# No session or persistent login cookie