Canonicalize usernames before rate limiting logins

Bug: T127114
Change-Id: I020cecf345c6bad4f461b70203f0bd29792de1f8

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php
index 4af5cf6..e745129 100644 (file)
--- a/includes/specials/pre-authmanager/SpecialUserlogin.php
+++ b/includes/specials/pre-authmanager/SpecialUserlogin.php
@@ -894,7 +894,8 @@ class LoginFormPreAuthManager extends SpecialPage {
         */
        public static function incrementLoginThrottle( $username ) {
                global $wgPasswordAttemptThrottle, $wgRequest;
-               $username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+               $canUsername = User::getCanonicalName( $username, 'usable' );
+               $username = $canUsername !== false ? $canUsername : $username;
 
                $throttleCount = 0;
                if ( is_array( $wgPasswordAttemptThrottle ) ) {
@@ -979,7 +980,8 @@ class LoginFormPreAuthManager extends SpecialPage {
         */
        public static function clearLoginThrottle( $username ) {
                global $wgRequest, $wgPasswordAttemptThrottle;
-               $username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+               $canUsername = User::getCanonicalName( $username, 'usable' );
+               $username = $canUsername !== false ? $canUsername : $username;
 
                if ( is_array( $wgPasswordAttemptThrottle ) ) {
                        $throttleConfig = $wgPasswordAttemptThrottle;