Note that you shouldn't use a custom $salt for 'edit' or 'csrf'

author Matthew Flaschen <mflaschen@wikimedia.org>

Tue, 16 Aug 2016 22:11:35 +0000 (18:11 -0400)

committer Matthew Flaschen <mflaschen@wikimedia.org>

Tue, 16 Aug 2016 22:12:27 +0000 (18:12 -0400)
author Matthew Flaschen <mflaschen@wikimedia.org>
Tue, 16 Aug 2016 22:11:35 +0000 (18:11 -0400)
committer Matthew Flaschen <mflaschen@wikimedia.org>
Tue, 16 Aug 2016 22:12:27 +0000 (18:12 -0400)
diff --git a/includes/user/User.php b/includes/user/User.php

index ab665a4..83cfa40 100644 (file)
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -4190,6 +4190,8 @@ class User implements IDBAccessObject {
          * login credentials aren't being hijacked with a foreign form
          * submission.
          *
+        * The $salt for 'edit' and 'csrf' tokens is the default (empty string).
+        *
          * @since 1.19
          * @param string|array $salt Array of Strings Optional function-specific data for hashing
          * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest
author	Matthew Flaschen <mflaschen@wikimedia.org>
	Tue, 16 Aug 2016 22:11:35 +0000 (18:11 -0400)
committer	Matthew Flaschen <mflaschen@wikimedia.org>
	Tue, 16 Aug 2016 22:12:27 +0000 (18:12 -0400)