From 1a365e77dfb8825136626202b1df462731b42060 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Sun, 16 Aug 2015 08:22:05 +0200
Subject: Update to MediaWiki 1.25.2

---
 includes/api/ApiBase.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'includes/api/ApiBase.php')

diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 5a1eb995..6c33da57 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1192,7 +1192,7 @@ abstract class ApiBase extends ContextSource {
 				$this->dieUsage( 'Specified user does not exist', 'bad_wlowner' );
 			}
 			$token = $user->getOption( 'watchlisttoken' );
-			if ( $token == '' || $token != $params['token'] ) {
+			if ( $token == '' || !hash_equals( $token, $params['token'] ) ) {
 				$this->dieUsage(
 					'Incorrect watchlist token provided -- please set a correct token in Special:Preferences',
 					'bad_wltoken'
-- 
cgit v1.2.3-54-g00ecf