From 36554eaf612be067af8b1cde51ccc5a55e192d02 Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Sat, 23 Jul 2011 09:49:54 +0000
Subject: [PATCH] Dummy-proof incLoginThrottle/clearLoginThrottle with trim()

---
 includes/specials/SpecialUserlogin.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 37408cd147..a933041270 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -589,6 +589,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function incLoginThrottle( $username ) {
 		global $wgPasswordAttemptThrottle, $wgMemc;
+		$username = trim( $username ); // sanity
 
 		$throttleCount = 0;
 		if ( is_array( $wgPasswordAttemptThrottle ) ) {
@@ -616,6 +617,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function clearLoginThrottle( $username ) {
 		global $wgMemc;
+		$username = trim( $username ); // sanity
 
 		$throttleKey = wfMemcKey( 'password-throttle', wfGetIP(), md5( $username ) );
 		$wgMemc->delete( $throttleKey );
-- 
2.20.1