diff options
Diffstat (limited to 'includes/api/ApiBase.php')
| -rw-r--r-- | includes/api/ApiBase.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index 5a1eb995..6c33da57 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -1192,7 +1192,7 @@ abstract class ApiBase extends ContextSource { $this->dieUsage( 'Specified user does not exist', 'bad_wlowner' ); } $token = $user->getOption( 'watchlisttoken' ); - if ( $token == '' || $token != $params['token'] ) { + if ( $token == '' || !hash_equals( $token, $params['token'] ) ) { $this->dieUsage( 'Incorrect watchlist token provided -- please set a correct token in Special:Preferences', 'bad_wltoken' |