X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiBase.php;h=7b71e6c5a2596017f107a0210e5925627cb43fac;hb=3cecad00c900ea4465e3edfb2c51bec2ce58c137;hp=393ff49d7c25d7032c046e40e52008003779596e;hpb=37c4a72c052a4f270f48913149ef75d8009f999e;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 393ff49d7c..7b71e6c5a2 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1229,7 +1229,7 @@ abstract class ApiBase extends ContextSource {
 				$this->dieUsage( 'Specified user does not exist', 'bad_wlowner' );
 			}
 			$token = $user->getOption( 'watchlisttoken' );
-			if ( $token == '' || $token != $params['token'] ) {
+			if ( $token == '' || !hash_equals( $token, $params['token'] ) ) {
 				$this->dieUsage(
 					'Incorrect watchlist token provided -- please set a correct token in Special:Preferences',
 					'bad_wltoken'
@@ -2870,6 +2870,16 @@ abstract class ApiBase extends ContextSource {
 		return $this->getResult()->getData();
 	}
 
+	/**
+	 * Call wfTransactionalTimeLimit() if this request was POSTed
+	 * @since 1.26
+	 */
+	protected function useTransactionalTimeLimit() {
+		if ( $this->getRequest()->wasPosted() ) {
+			wfTransactionalTimeLimit();
+		}
+	}
+
 	/**@}*/
 }