From: ASchulz Date: Wed, 27 Feb 2013 01:01:41 +0000 (-0800) Subject: Deal with garbage user_token values in the DB. X-Git-Tag: 1.31.0-rc.0~20539 X-Git-Url: http://git.cyclocoop.org//%27%40script%40/%27?a=commitdiff_plain;h=a6ac08128d41f4e786669076ca55a5eb9f2cf81a;p=lhc%2Fweb%2Fwiklou.git Deal with garbage user_token values in the DB. Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f
---
diff --git a/includes/User.php b/includes/User.php
index c9b8964df2..fca203259a 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -980,10 +980,13 @@ class User {
 }
 
 if ( $request->getSessionData( 'wsToken' ) ) {
- $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
+ $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
 $from = 'session';
 } elseif ( $request->getCookie( 'Token' ) ) {
- $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
+ # Get the token from DB/cache and clean it up to remove garbage padding.
+ # This deals with historical problems with bugs and the default column value.
+ $token = rtrim( $proposedUser->getToken( false ) ); // correct token
+ $passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) );
 $from = 'cookie';
 } else {
 # No session or persistent login cookie
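Review bot: The cookie branch compares the stored secret with the client-supplied `Token` cookie using `===`, which is not a constant-time comparison. Where the supported PHP version provides it, `$passwordCorrect = ( strlen( $token ) && hash_equals( $token, (string)$request->getCookie( 'Token' ) ) );` keeps the new empty-token guard and removes the timing signal. The session branch above still compares the untrimmed `getToken( false )` value, so the padding cleanup covers only one of the two paths; applying the `rtrim()` where the token is loaded would cover both, though that code is outside this hunk. The guard rejects only an empty token, so a stored value that is short after trimming is still accepted, and a minimum-length check would be worth considering if the expected token length is fixed. The enclosing method starts and ends outside the hunk.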