Added warning if token ends with Token::SUFFIX by comparing result of substr to Token::SUFFIX.
Simplified Token class calls.
Bug: T122280
Change-Id: Id405dcc7b5e4d28995edf334aa6e183efdb749de
+use MediaWiki\Session\Token;
+
/**
* @since 1.25
* @ingroup API
/**
* @since 1.25
* @ingroup API
$tokenObj = ApiQueryTokens::getToken(
$this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
);
$tokenObj = ApiQueryTokens::getToken(
$this->getUser(), $this->getRequest()->getSession(), $salts[$params['type']]
);
+
+ if ( substr( $token, -strlen( urldecode( Token::SUFFIX ) ) ) === urldecode( Token::SUFFIX ) ) {
+ $this->setWarning(
+ "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL."
+ );
+ }
+
if ( $tokenObj->match( $token, $maxage ) ) {
$res['result'] = 'valid';
} elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
if ( $tokenObj->match( $token, $maxage ) ) {
$res['result'] = 'valid';
} elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
$res['result'] = 'invalid';
}
$res['result'] = 'invalid';
}
- $ts = MediaWiki\Session\Token::getTimestamp( $token );
+ $ts = Token::getTimestamp( $token );
if ( $ts !== null ) {
$mwts = new MWTimestamp();
$mwts->timestamp->setTimestamp( $ts );
if ( $ts !== null ) {
$mwts = new MWTimestamp();
$mwts->timestamp->setTimestamp( $ts );