From: Brian Wolff <bawolff+wn@gmail.com>
Date: Mon, 9 May 2016 07:51:01 +0000 (-0400)
Subject: Canonicalize usernames before rate limiting logins
X-Git-Tag: 1.31.0-rc.0~6883
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=b3988ba1cec061921efc39d3e7cfda1917230a9c

Canonicalize usernames before rate limiting logins

Bug: T127114
Change-Id: I020cecf345c6bad4f461b70203f0bd29792de1f8

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
---

diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php
index 4af5cf696a..e745129427 100644
--- a/includes/specials/pre-authmanager/SpecialUserlogin.php
+++ b/includes/specials/pre-authmanager/SpecialUserlogin.php
@@ -894,7 +894,8 @@ class LoginFormPreAuthManager extends SpecialPage {
 	 */
 	public static function incrementLoginThrottle( $username ) {
 		global $wgPasswordAttemptThrottle, $wgRequest;
-		$username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+		$canUsername = User::getCanonicalName( $username, 'usable' );
+		$username = $canUsername !== false ? $canUsername : $username;
 
 		$throttleCount = 0;
 		if ( is_array( $wgPasswordAttemptThrottle ) ) {
@@ -979,7 +980,8 @@ class LoginFormPreAuthManager extends SpecialPage {
 	 */
 	public static function clearLoginThrottle( $username ) {
 		global $wgRequest, $wgPasswordAttemptThrottle;
-		$username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+		$canUsername = User::getCanonicalName( $username, 'usable' );
+		$username = $canUsername !== false ? $canUsername : $username;
 
 		if ( is_array( $wgPasswordAttemptThrottle ) ) {
 			$throttleConfig = $wgPasswordAttemptThrottle;