From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Sat, 23 Jul 2011 09:49:54 +0000 (+0000)
Subject: Dummy-proof incLoginThrottle/clearLoginThrottle with trim()
X-Git-Tag: 1.31.0-rc.0~28667
X-Git-Url: https://git.heureux-cyclage.org/?a=commitdiff_plain;h=36554eaf612be067af8b1cde51ccc5a55e192d02;p=lhc%2Fweb%2Fwiklou.git

Dummy-proof incLoginThrottle/clearLoginThrottle with trim()
---

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 37408cd147..a933041270 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -589,6 +589,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function incLoginThrottle( $username ) {
 		global $wgPasswordAttemptThrottle, $wgMemc;
+		$username = trim( $username ); // sanity
 
 		$throttleCount = 0;
 		if ( is_array( $wgPasswordAttemptThrottle ) ) {
@@ -616,6 +617,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function clearLoginThrottle( $username ) {
 		global $wgMemc;
+		$username = trim( $username ); // sanity
 
 		$throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $username ) );
 		$wgMemc->delete( $throttleKey );