Last modified: 2013-04-25 11:53:43 UTC
I've been seeing this notice on my dev/test wiki: Deprecated: Use of wfGenerateToken was deprecated in MediaWiki 1.20. [Called from ClickTrackingHooks::makeGlobalVariablesScript in /var/www/MediaWiki/Git/extensions/ClickTracking/ClickTracking.hooks.php at line 77] in /var/www/MediaWiki/Git/core/includes/debug/Debug.php on line 283 No idea how to correctly fix this, so I thought I'd put it here.
"@deprecated since 1.20; Please use MWCryptRand for security purposes and wfRandomString for pesudo-random strings" wfGenerateToken was an unacceptable mess. It was used both for security purposes and trivial pesudo-random tokens as well. It claimed to be cryptographically secure but it used nothing more than one or two insecure calls to mt_rand. So, MWCryptRand if you are making tokens that need to be secure; Session tokens, user tokens, email confirmation tokens, etc... basically anything where it's possible it might matter that someone else could guess it. And a new function, wfRandomString for simple random semi-unique strings. Such as UNIQ ids like those used in the parser.
WONTFIX as per http://lists.wikimedia.org/pipermail/wikitech-l/2013-April/068359.html ?
I assume so.