Restore previous export behavior with respect to empty comment text

[lhc/web/wiklou.git] / includes / session / Session.php

diff --git a/includes/session/Session.php b/includes/session/Session.php
index 024bf9a..328958c 100644 (file)
--- a/includes/session/Session.php
+++ b/includes/session/Session.php
@@ -291,7 +291,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
        /**
         * Fetch a value from the session
         * @param string|int $key
-        * @param mixed $default Returned if $this->exists( $key ) would be false
+        * @param mixed|null $default Returned if $this->exists( $key ) would be false
         * @return mixed
         */
        public function get( $key, $default = null ) {
@@ -481,7 +481,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
 
                // Encrypt
                // @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets
-               $iv = \MWCryptRand::generate( 16, true );
+               $iv = random_bytes( 16 );
                $algorithm = self::getEncryptionAlgorithm();
                switch ( $algorithm[0] ) {
                        case 'openssl':
@@ -522,7 +522,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
        /**
         * Fetch a value from the session that was set with self::setSecret()
         * @param string|int $key
-        * @param mixed $default Returned if $this->exists( $key ) would be false or decryption fails
+        * @param mixed|null $default Returned if $this->exists( $key ) would be false or decryption fails
         * @return mixed
         */
        public function getSecret( $key, $default = null ) {
@@ -537,7 +537,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
                // Extension::OATHAuth.
 
                // Unseal and check
-               $pieces = explode( '.', $encrypted );
+               $pieces = explode( '.', $encrypted, 4 );
                if ( count( $pieces ) !== 3 ) {
                        $ex = new \Exception( 'Invalid sealed-secret format' );
                        $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );