From 72f806829c288f144d206128e90bbab2b8d3e08f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartosz=20Dziewo=C5=84ski?=
Date: Wed, 17 Nov 2021 23:53:38 +0100
Subject: [PATCH] Ensure form tokens are not longer than allowed

Bug: T295940
Change-Id: I4e3fd5d3ef21274b104c4d22e3bab11043d61334
---
 modules/dt.ui.ReplyWidget.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/dt.ui.ReplyWidget.js b/modules/dt.ui.ReplyWidget.js
index 7463f70ac..ea3ac7e7a 100644
--- a/modules/dt.ui.ReplyWidget.js
+++ b/modules/dt.ui.ReplyWidget.js
@@ -533,7 +533,9 @@ ReplyWidget.prototype.afterSetup = function () {
 ReplyWidget.prototype.getFormToken = function () {
 var formToken = this.storage.get( this.storagePrefix + '/formToken' );
 if ( !formToken ) {
- formToken = Math.random().toString( 36 ).slice( 2 );
+ // See ApiBase::PARAM_MAX_CHARS in ApiDiscussionToolsEdit.php
+ var maxLength = 16;
+ formToken = Math.random().toString( 36 ).slice( 2, maxLength + 2 );
 this.storage.set( this.storagePrefix + '/formToken', formToken );
 }
 return formToken;
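Review bot: The length cap is applied only inside the `if ( !formToken )` branch, so a token that is already in storage from before this change is returned unchanged and can still exceed the 16-character limit the new comment points to. Capping on read as well would cover that case, e.g. hoisting `var maxLength = 16;` above the `storage.get` call and adding `formToken = formToken && formToken.slice( 0, maxLength );` right after it. Separately, `Math.random()` is not a cryptographically secure source and `toString( 36 ).slice( 2 )` yields a variable-length string, so the value is predictable and of uneven entropy. If the server relies on it for anything beyond de-duplicating submissions (not visible from this hunk), it should be built from `crypto.getRandomValues()` instead; otherwise the comment should state that the token is not a secret. The end of `getFormToken` lies outside the hunk.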