Deal with garbage user_token values in the DB.
authorASchulz <aschulz@wikimedia.org>
Wed, 27 Feb 2013 01:01:41 +0000 (17:01 -0800)
committerGerrit Code Review <gerrit@wikimedia.org>
Wed, 27 Feb 2013 21:08:03 +0000 (21:08 +0000)
Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f

includes/User.php

index c9b8964..fca2032 100644 (file)
@@ -980,10 +980,13 @@ class User {
                }
 
                if ( $request->getSessionData( 'wsToken' ) ) {
-                       $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
+                       $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
                        $from = 'session';
                } elseif ( $request->getCookie( 'Token' ) ) {
-                       $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
+                       # Get the token from DB/cache and clean it up to remove garbage padding.
+                       # This deals with historical problems with bugs and the default column value.
+                       $token = rtrim( $proposedUser->getToken( false ) ); // correct token
+                       $passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) );
                        $from = 'cookie';
                } else {
                        # No session or persistent login cookie
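Review bot: The cookie branch checks the stored token against the client-supplied `Token` cookie with `===`, which is not a constant-time comparison and can leak through timing how much of the value matched. On PHP versions that provide it, `$passwordCorrect = ( strlen( $token ) && hash_equals( $token, $request->getCookie( 'Token' ) ) );` avoids that. The session branch has the same `===` comparison and still uses the untrimmed `getToken( false )`, so the padding cleanup and the non-empty guard cover only the cookie path; if that asymmetry is intended, a short comment saying why would help. `strlen( $token )` also accepts any non-empty residue left after `rtrim`, so a minimum-length check on the cleaned token may be worth adding. The enclosing method starts and ends outside this hunk.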