From: Matthew Flaschen Date: Tue, 16 Aug 2016 22:11:35 +0000 (-0400) Subject: Note that you shouldn't use a custom $salt for 'edit' or 'csrf' X-Git-Tag: 1.31.0-rc.0~6039^2 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/%22%24ccApp/ecrire/?a=commitdiff_plain;h=972b5a1976448f89e4412591bc88c6e0b9114d01;p=lhc%2Fweb%2Fwiklou.git Note that you shouldn't use a custom $salt for 'edit' or 'csrf' Change-Id: I795b3a17791a9e16382a7c6379b0e7a4a498d32e --- diff --git a/includes/user/User.php b/includes/user/User.php index ab665a49a9..83cfa40644 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -4190,6 +4190,8 @@ class User implements IDBAccessObject { * login credentials aren't being hijacked with a foreign form * submission. * + * The $salt for 'edit' and 'csrf' tokens is the default (empty string). + * * @since 1.19 * @param string|array $salt Array of Strings Optional function-specific data for hashing * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest