[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Added warning for improper ending of a token

Georggi199 (Code Review) Mon, 28 Nov 2016 12:24:42 -0800

Georggi199 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/323896


Change subject: Added warning for improper ending of a token
......................................................................

Added warning for improper ending of a token

Added warning if token ends with Token::SUFFIX by using preg_match on the 
string.

Bug: T122280
Change-Id: Id405dcc7b5e4d28995edf334aa6e183efdb749de
---
M includes/api/ApiCheckToken.php
1 file changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/96/323896/1

diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php
index 3d2159c..fb83cf7 100644
--- a/includes/api/ApiCheckToken.php
+++ b/includes/api/ApiCheckToken.php
@@ -39,7 +39,10 @@
                $tokenObj = ApiQueryTokens::getToken(
                        $this->getUser(), $this->getRequest()->getSession(), 
$salts[$params['type']]
                );
-               if ( $tokenObj->match( $token, $maxage ) ) {
+
+               if ( preg_match( urldecode( MediaWiki\Session\Token::SUFFIX ), 
$token ) ) {
+                       $res['result'] = 'warning';
+               } elseif ( $tokenObj->match( $token, $maxage ) ) {
                        $res['result'] = 'valid';
                } elseif ( $maxage !== null && $tokenObj->match( $token ) ) {
                        $res['result'] = 'expired';

-- 
To view, visit https://gerrit.wikimedia.org/r/323896
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id405dcc7b5e4d28995edf334aa6e183efdb749de
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Georggi199 <bmp2...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Added warning for improper ending of a token

Reply via email to