This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not defined.

Bug: T152951
Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6

| File |
|---|
| BotPasswordTest.php |
| CentralIdLookupTest.php |
| LocalIdLookupTest.php |
| PasswordResetTest.php |
| UserArrayFromResultTest.php |
| UserGroupMembershipTest.php |
| UserTest.php |