Merge commit '1a365e'

author: Luke Shumaker <lukeshu@sbcglobal.net> 2016-05-01 15:30:47 -0400
committer: Luke Shumaker <lukeshu@sbcglobal.net> 2016-05-01 15:30:47 -0400
commit: 7e85254903c7c0cb49e381f16b18441ea7b058cc (patch)
tree: b22328fcf4c8408fc25a7acb73d1cb1089cd82ac /includes/api/ApiBase.php
parent: 1de335ad3f395ca6861085393ba366a9e3fb4a0d (diff)
parent: 1a365e77dfb8825136626202b1df462731b42060 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 5a1eb995..6c33da57 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1192,7 +1192,7 @@ abstract class ApiBase extends ContextSource {
 				$this->dieUsage( 'Specified user does not exist', 'bad_wlowner' );
 			}
 			$token = $user->getOption( 'watchlisttoken' );
-			if ( $token == '' || $token != $params['token'] ) {
+			if ( $token == '' || !hash_equals( $token, $params['token'] ) ) {
 				$this->dieUsage(
 					'Incorrect watchlist token provided -- please set a correct token in Special:Preferences',
 					'bad_wltoken'
author	Luke Shumaker <lukeshu@sbcglobal.net>	2016-05-01 15:30:47 -0400
committer	Luke Shumaker <lukeshu@sbcglobal.net>	2016-05-01 15:30:47 -0400
commit	7e85254903c7c0cb49e381f16b18441ea7b058cc (patch)
tree	b22328fcf4c8408fc25a7acb73d1cb1089cd82ac /includes/api/ApiBase.php
parent	1de335ad3f395ca6861085393ba366a9e3fb4a0d (diff)
parent	1a365e77dfb8825136626202b1df462731b42060 (diff)