1.4 beta or release candidate users should upgrade to this release.
I've seen there's a change from using $wgProxy to $wgSecretKey. Still, this one change on the code (from setToken(), on user.php) puzzles me:
if ( $wgSecretKey ) { $key = $wgSecretKey; } elseif ( $wgProxyKey ) { $key = $wgProxyKey; } else { $key = microtime(); } $this->mToken = md5( $wgSecretKey . mt_rand( 0, 0x7fffffff ) . $wgDBname . $this->mId );
Shouldn't the call to md5() use $key? Or am I misinterpreting the code?