Merge "Fix per-connection database name in DBAccessBase."

[lhc/web/wiklou.git] / maintenance / locking / LockServerDaemon.php

diff --git a/maintenance/locking/LockServerDaemon.php b/maintenance/locking/LockServerDaemon.php
index 689c930..4358989 100644 (file)
--- a/maintenance/locking/LockServerDaemon.php
+++ b/maintenance/locking/LockServerDaemon.php
@@ -39,6 +39,8 @@ LockServerDaemon::init(
 
 /**
  * Simple lock server daemon that accepts lock/unlock requests
+ *
+ * @ingroup LockManager Maintenance
  */
 class LockServerDaemon {
        /** @var resource */
@@ -66,6 +68,8 @@ class LockServerDaemon {
 
        /**
         * @params $config Array
+        * @param array $config
+        * @throws Exception
         * @return LockServerDaemon
         */
        public static function init( array $config ) {
@@ -111,6 +115,7 @@ class LockServerDaemon {
        }
 
        /**
+        * @throws Exception
         * @return void
         */
        protected function setupServerSocket() {
@@ -237,7 +242,9 @@ class LockServerDaemon {
                $m = explode( ':', $data ); // <session, key, command, type, values>
                if ( count( $m ) == 5 ) {
                        list( $session, $key, $command, $type, $values ) = $m;
-                       if ( sha1( $session . $command . $type . $values . $this->authKey ) !== $key ) {
+                       $goodKey = hash_hmac( 'sha1',
+                               "{$session}\n{$command}\n{$type}\n{$values}", $this->authKey );
+                       if ( $goodKey !== $key ) {
                                return 'BAD_KEY';
                        } elseif ( strlen( $session ) !== 32 ) {
                                return 'BAD_SESSION';