1.4 beta or release candidate users should upgrade to
this release.
I've seen there's a change from using $wgProxy to $wgSecretKey. Still,
this one change on the code (from setToken(), on user.php) puzzles me:
if ( $wgSecretKey ) {
$key = $wgSecretKey;
} elseif ( $wgProxyKey ) {
$key = $wgProxyKey;
} else {
$key = microtime();
}
$this->mToken = md5( $wgSecretKey . mt_rand( 0, 0x7fffffff ) .
$wgDBname . $this->mId );
Shouldn't the call to md5() use $key? Or am I misinterpreting the code?
--
/L/e/k/t/u