From: Gergő Tisza Date: Thu, 28 Jan 2016 23:10:00 +0000 (-0600) Subject: SECURITY: Fix User::setToken() call on User::newSystemUser X-Git-Tag: 1.31.0-rc.0~8148 X-Git-Url: http://git.cyclocoop.org/%22.%24image2.%22?a=commitdiff_plain;h=13f2f09a193215aa7a061d10a1955e172d06fa0a;p=lhc%2Fweb%2Fwiklou.git SECURITY: Fix User::setToken() call on User::newSystemUser This was supposed to reset the user token but did set it to '1' because User::setToken accepts bool/string but only treats true as bool. Bug: T125161 Change-Id: Ia4196eba92cd4d170a3023db0f540a2972ffad4f --- diff --git a/includes/session/SessionManager.php b/includes/session/SessionManager.php index 0441137083..6b221fd1be 100644 --- a/includes/session/SessionManager.php +++ b/includes/session/SessionManager.php @@ -539,7 +539,7 @@ final class SessionManager implements SessionManagerInterface { // Reset the user's token to kill existing sessions $user = User::newFromName( $username ); if ( $user && $user->getToken( false ) ) { - $user->setToken( true ); + $user->setToken(); $user->saveSettings(); }