From a6ac08128d41f4e786669076ca55a5eb9f2cf81a Mon Sep 17 00:00:00 2001
From: ASchulz
Date: Tue, 26 Feb 2013 17:01:41 -0800
Subject: [PATCH] Deal with garbage user_token values in the DB.

Change-Id: I92f1645d4a1cfc4151bd34b566ec3ac05eab427f
---
 includes/User.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/includes/User.php b/includes/User.php
index c9b8964df2..fca203259a 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -980,10 +980,13 @@ class User {
 }

 if ( $request->getSessionData( 'wsToken' ) ) {
- $passwordCorrect = $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' );
+ $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
 $from = 'session';
 } elseif ( $request->getCookie( 'Token' ) ) {
- $passwordCorrect = $proposedUser->getToken( false ) === $request->getCookie( 'Token' );
+ # Get the token from DB/cache and clean it up to remove garbage padding.
+ # This deals with historical problems with bugs and the default column value.
+ $token = rtrim( $proposedUser->getToken( false ) ); // correct token
+ $passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) );
 $from = 'cookie';
 } else {
 # No session or persistent login cookie
-- 
2.20.1
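Review bot: The cookie branch still compares the stored login token with the client-supplied `Token` cookie using `===`, which is not a constant-time comparison. For a persistent-login secret, prefer `$passwordCorrect = ( strlen( $token ) && hash_equals( $token, (string)$request->getCookie( 'Token' ) ) );` where the supported PHP version provides `hash_equals()`, or an equivalent project helper otherwise. The session branch above still compares the untrimmed `getToken( false )` value, so a padded DB token is handled differently on the two paths; applying the same `rtrim()` and non-empty check there would keep them consistent. The trailing `// correct token` comment would be clearer as `// stored token with padding stripped`. The enclosing method starts and ends outside this hunk, so how `$passwordCorrect` is consumed afterwards cannot be confirmed from the visible lines.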