author | Pierre Schmitz <pierre@archlinux.de> | 2015-12-18 06:00:00 +0100 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2015-12-18 06:00:00 +0100 |
commit | 15e69f7b20b6596b9148030acce5b59993b95a45 (patch) | |
tree | 7b828b8920b0e222dc2a2c97dde933c9c4864fab /includes/User.php | |
parent | 9e06a62f265e3a2aaabecc598d4bc617e06fa32d (diff) |
Update to MediaWiki 1.25.4
Diffstat (limited to 'includes/User.php')
-rw-r--r-- | includes/User.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/includes/User.php b/includes/User.php
index 663a80b7..62d72bdf 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -1051,11 +1051,10 @@ class User implements IDBAccessObject {
 // stopping at a minimum of 10 chars.
 $length = max( 10, $wgMinimalPasswordLength );
 // Multiply by 1.25 to get the number of hex characters we need
- $length = $length * 1.25;
 // Generate random hex chars
- $hex = MWCryptRand::generateHex( $length );
+ $hex = MWCryptRand::generateHex( ceil( $length * 1.25 ) );
 // Convert from base 16 to base 32 to get a proper password like string
- return wfBaseConvert( $hex, 16, 32 );
+ return substr( wfBaseConvert( $hex, 16, 32, $length ), -$length );
 }
 /**
@@ -4109,7 +4108,7 @@ class User implements IDBAccessObject {
 $salt, $request ?: $this->getRequest(), $timestamp
 );
- if ( $val != $sessionToken ) {
+ if ( !hash_equals( $sessionToken, $val ) ) {
 wfDebug( "User::matchEditToken: broken session data\n" );
 } |
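Review bot: The comments in the first hunk no longer match the code: `// Multiply by 1.25 …` now sits above another comment instead of a statement, and the new `substr( wfBaseConvert( $hex, 16, 32, $length ), -$length )` has no explanation of why padding and truncation are needed. That pair is the security-relevant part, since it appears to pin the result to exactly `$length` characters even when the converted value has leading zero digits, which would otherwise give a password shorter than `$wgMinimalPasswordLength`. I would fold the two comments into one above the `generateHex` call and add `// Pad to $length digits and keep the low-order $length, so leading zeros cannot shorten the password` above the return. The enclosing function starts above the hunk, so its docblock is not visible here.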
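Review bot: `hash_equals()` accepts only strings, and nothing in the second hunk shows that `$val` has been checked to be one before it reaches `if ( !hash_equals( $sessionToken, $val ) )`; matchEditToken starts above the hunk, so an earlier guard may already exist. If none does, a non-string token would raise a warning (a TypeError on newer PHP) instead of simply failing the match, so a guard such as `if ( !is_string( $val ) ) { return false; }` ahead of the comparison is worth confirming. The function's return is also outside the hunk; it should use the same constant-time comparison rather than `==`, ideally by computing `$match = hash_equals( $sessionToken, $val );` once and reusing it for both the debug log and the return value.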