Authored By
csteipp
May 18 2016, 12:14 AM
2016-05-18 00:14:59 (UTC+0)
From cea8b82e79fe81b6f18d25e2a74d2fc0b2418493 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Tue, 17 May 2016 15:18:20 -0700
Subject: [PATCH] SECURITY: Canonicalize usernames before rate limiting logins
Bug: T127114
Change-Id: If54b01efbdd129d480943be6b0d92ed6406a16a0
---
includes/specialpage/LoginSignupSpecialPage.php | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/includes/specialpage/LoginSignupSpecialPage.php b/includes/specialpage/LoginSignupSpecialPage.php
index 0e4252c..31da1cd 100644
--- a/includes/specialpage/LoginSignupSpecialPage.php
+++ b/includes/specialpage/LoginSignupSpecialPage.php
@@ -1559,7 +1559,8 @@ class LoginFormAuthManager extends SpecialPage {
public static function incrementLoginThrottle( $username ) {
wfDeprecated( __METHOD__, "1.27" );
global $wgRequest;
- $username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+ $canUsername = User::getCanonicalName( $username, 'usable' );
+ $username = $canUsername !== false ? $canUsername : $username;
$throttler = new Throttler();
return $throttler->increase( $username, $wgRequest->getIP(), __METHOD__ );
}
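Review bot: The `!== false` comparison on the new line 49 closes a real falsy-string trap, but nothing in the code says why, so a later tidy-up could reintroduce the shorter `?:` form that this patch removes. PHP treats the string `"0"` as falsy, so with the old expression a canonical name of `"0"` (if such a name passes the `'usable'` check) would have been discarded in favour of the raw, un-normalized input, letting differently spelled attempts against the same account land in separate throttle buckets. I would add above line 48: `// Compare against false explicitly: a canonical name of "0" is falsy, and ?: would wrongly keep the raw input as the throttle key.` The remaining fallback to the raw `$username` when canonicalization fails looks acceptable for a throttle, since a name that is not usable presumably cannot match any account, but that reasoning also deserves a one-line comment rather than being left implicit.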
@@ -1579,7 +1580,8 @@ class LoginFormAuthManager extends SpecialPage {
public static function clearLoginThrottle( $username ) {
wfDeprecated( __METHOD__, "1.27" );
global $wgRequest;
- $username = User::getCanonicalName( $username, 'usable' ) ?: $username;
+ $canUsername = User::getCanonicalName( $username, 'usable' );
+ $username = $canUsername !== false ? $canUsername : $username;
$throttler = new Throttler();
return $throttler->clear( $username, $wgRequest->getIP() );
}
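Review bot: Lines 58-59 duplicate the key derivation from incrementLoginThrottle verbatim, and the throttle only works if clear() and increase() derive exactly the same key; a future edit to one copy but not the other would leave counters that are bumped but never cleared, or cleared under a key that was never bumped. Since both functions are already marked deprecated, a small private static helper used by both keeps the two in lock-step without changing either public signature. I would introduce the helper below and replace lines 48-49 and 58-59 with `$username = self::getThrottleUsername( $username );`.
```php
/**
 * Username to key the login throttle on: the canonical usable form when
 * one exists, otherwise the raw input. Compares against false explicitly
 * because a canonical name of "0" is falsy and ?: would discard it.
 */
private static function getThrottleUsername( $username ) {
	$canUsername = User::getCanonicalName( $username, 'usable' );
	return $canUsername !== false ? $canUsername : $username;
}
```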
--
2.6.6
Attached To
T127114: Login throttle can be tricked using non-canonicalized usernames