From 8a1f9ada65d746b630c96b184000f3f0bf6cf34d Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Fri, 30 Nov 2012 05:40:20 +0100
Subject: Update to MediaWiki 1.19.3
---
 includes/specials/SpecialUserlogin.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'includes/specials/SpecialUserlogin.php')
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 764ff401..4c5a2376 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -745,6 +745,8 @@ class LoginForm extends SpecialPage {
 $userLang = Language::factory( $code );
 $wgLang = $userLang;
 $this->getContext()->setLanguage( $userLang );
+ // Reset SessionID on Successful login (bug 40995)
+ $this->renewSessionId();
 return $this->successfulLogin();
 } else {
 return $this->cookieRedirectCheck( 'login' );
@@ -1179,6 +1181,23 @@ class LoginForm extends SpecialPage {
 $wgRequest->setSessionData( 'wsCreateaccountToken', null );
 }
 
+ /**
+ * Renew the user's session id, using strong entropy
+ */
+ private function renewSessionId() {
+ if ( wfCheckEntropy() ) {
+ session_regenerate_id( false );
+ } else {
+ //If we don't trust PHP's entropy, we have to replace the session manually
+ $tmp = $_SESSION;
+ session_unset();
+ session_write_close();
+ session_id( MWCryptRand::generateHex( 32 ) );
+ session_start();
+ $_SESSION = $tmp;
+ }
+ }
+
 /**
 * @private
 */
-- 
cgit v1.2.3-54-g00ecf
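Review bot: The session id is renewed only on the branch that returns `successfulLogin()`; the `else` branch that returns `cookieRedirectCheck( 'login' )` keeps whatever id the request arrived with, and the added comment gives only the bug number, not why this branch alone is covered. The condition guarding the two branches is outside the hunk, so it is not visible whether the `else` path can be reached with a session id that existed before authentication. If it can, it needs the same `$this->renewSessionId();` call before the return. If it cannot, the comment should say so, for example `// Renew the session id so an id set before login cannot be reused afterwards (session fixation, bug 40995)` plus a sentence on why the other branch is exempt. Any other code path in the class that logs a user in would deserve the same check.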
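Review bot: The two branches of `renewSessionId()` leave the old session id in different states: the fallback branch clears the data with `session_unset()` before `session_write_close()`, while `session_regenerate_id( false )` keeps the old session record on the server until it is garbage-collected. Whether that record holds anything worth protecting depends on when login state is written to the session, which is outside this hunk, so either pass `true` or add a comment recording why the old record is deliberately kept. The fallback branch also ignores the result of `session_start()`; if it fails, `$_SESSION = $tmp;` fills an array that is no longer backed by a session and the failure goes unnoticed, so a guard such as `if ( !session_start() ) { /* log and abort the login */ }` would make it visible. The docblock could state that the purpose is to prevent session fixation and, assuming cookie-based sessions, that the method has to run before any output is sent because it must issue a new cookie.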