From 13f2f09a193215aa7a061d10a1955e172d06fa0a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Thu, 28 Jan 2016 17:10:00 -0600
Subject: [PATCH] SECURITY: Fix User::setToken() call on User::newSystemUser

This was supposed to reset the user token but did set it to '1'
because User::setToken accepts bool/string but only treats true
as bool.

Bug: T125161
Change-Id: Ia4196eba92cd4d170a3023db0f540a2972ffad4f
---
 includes/session/SessionManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/session/SessionManager.php b/includes/session/SessionManager.php
index 0441137083..6b221fd1be 100644
--- a/includes/session/SessionManager.php
+++ b/includes/session/SessionManager.php
@@ -539,7 +539,7 @@ final class SessionManager implements SessionManagerInterface {
 		// Reset the user's token to kill existing sessions
 		$user = User::newFromName( $username );
 		if ( $user && $user->getToken( false ) ) {
-			$user->setToken( true );
+			$user->setToken();
 			$user->saveSettings();
 		}
 
-- 
2.20.1