author | Pierre Schmitz <pierre@archlinux.de> | 2012-11-30 05:40:20 +0100 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2012-11-30 05:40:20 +0100 |
commit | 8a1f9ada65d746b630c96b184000f3f0bf6cf34d (patch) | |
tree | f641d0e874d1ac6a04c30e2e8a112fb1c4ceb6bd /includes/specials | |
parent | 9498a3d2852ace0f4ee23598f542dbce3fd2ec28 (diff) |
Update to MediaWiki 1.19.3
Diffstat (limited to 'includes/specials')
-rw-r--r-- | includes/specials/SpecialUserlogin.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 764ff401..4c5a2376 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -745,6 +745,8 @@ class LoginForm extends SpecialPage {
 $userLang = Language::factory( $code );
 $wgLang = $userLang;
 $this->getContext()->setLanguage( $userLang );
+ // Reset SessionID on Successful login (bug 40995)
+ $this->renewSessionId();
 return $this->successfulLogin();
 } else {
 return $this->cookieRedirectCheck( 'login' );
@@ -1179,6 +1181,23 @@ class LoginForm extends SpecialPage {
 $wgRequest->setSessionData( 'wsCreateaccountToken', null );
 }
 
+ /**
+ * Renew the user's session id, using strong entropy
+ */
+ private function renewSessionId() {
+ if ( wfCheckEntropy() ) {
+ session_regenerate_id( false );
+ } else {
+ //If we don't trust PHP's entropy, we have to replace the session manually
+ $tmp = $_SESSION;
+ session_unset();
+ session_write_close();
+ session_id( MWCryptRand::generateHex( 32 ) );
+ session_start();
+ $_SESSION = $tmp;
+ }
+ }
+
 /**
 * @private
 */ |
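Review bot: The session id is renewed only on the branch that returns `successfulLogin()`; the `else` branch returns `cookieRedirectCheck( 'login' )`, and what that path does afterwards is not visible in this hunk. If the redirect check can also finish a login, that path would keep the pre-authentication id, so it is worth confirming that it either cannot carry a pre-set id or also calls `$this->renewSessionId();` before completing. The added comment records what is done but not why; `// Renew the session id so an id set before authentication is not carried into the logged-in session (bug 40995)` would state the session-fixation reason for the next maintainer. The enclosing method starts and ends outside the hunk.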
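Review bot: The two branches of `renewSessionId()` leave the old session in different states: `session_regenerate_id( false )` keeps the old session record on the server, while the manual branch empties it with `session_unset()` before `session_write_close()`. Since the purpose is to retire the pre-login id, the first branch should either delete the old record, `session_regenerate_id( true );`, or the docblock should say why it is kept; what the retained record contains depends on the PHP version and session handler, which this hunk does not show. In the manual branch the result of `session_start()` is ignored, so a failed restart would leave `$_SESSION = $tmp;` populating data that is presumably never stored under the new id; a guard such as `if ( !session_start() ) { throw new MWException( 'Could not restart session' ); }` would make that failure visible. The docblock would also benefit from one line on each branch, for example `* Falls back to an id from MWCryptRand when wfCheckEntropy() reports PHP's own session entropy as insufficient.`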