r21640 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r21639‎ \| r21640 \| r21641 >
Date:	21:45, 26 April 2007
Author:	brion
Status:	old
Tags:
Comment:	* (bug 3348) Some additional weak password checks: password which is same as username will now be rejected. There are some UI issues still with handling of bad/weak passwords. It's not too clear to the legit user who tries to log in again. There's also some bad behavior on the create account form; short or bad passwords just give an exception backtrace. Nice. :) But that's existing problems...
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -487,15 +487,15 @@
488	488	*
489	489	* @param string $password
490	490	* @return bool
491		~~- * @static~~
492	491	*/
493		~~- static function isValidPassword( $password ) {~~
494		~~- global $wgMinimalPasswordLength;~~
	492	+ function isValidPassword( $password ) {
	493	+ global $wgMinimalPasswordLength, $wgContLang;
495	494
496	495	$result = null;
497	496	if( !wfRunHooks( 'isValidPassword', array( $password, &$result ) ) ) return $result;
498		~~- if ($result === false) return false;~~
499		~~- return (strlen( $password ) >= $wgMinimalPasswordLength);~~
	497	+ if ($result === false) return false;
	498	+ return (strlen( $password ) >= $wgMinimalPasswordLength) &&
	499	+ ($wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName ));
500	500	}
501	501
502	502	/**
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -2416,7 +2416,7 @@
2417	2417	'variantname-kk-cn' => 'kk-cn',
2418	2418	'variantname-kk' => 'kk',
2419	2419
2420		~~-'passwordtooshort' => 'Your password is too short. It must have at least $1 characters.',~~
	2420	+'passwordtooshort' => 'Your password is invalid or too short. It must have at least $1 characters and be different from your username.',
2421	2421
2422	2422	# Metadata
2423	2423	'metadata' => 'Metadata',
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -356,6 +356,8 @@
357	357	converted from 1.4 to 1.5 schema
358	358	* (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info
359	359	* (bug 5959) Anchors dropped from stub links
	360	+* (bug 3348) Some additional weak password checks: password which is same
	361	+ as username will now be rejected.
360	362
361	363
362	364	== Maintenance ==

Follow-up revisions

Revision	Commit summary	Author	Date
r21762	Fix backtrace when creating an account with a password being the same as the...	hashar	17:52, 1 May 2007
r21763	l10n for r21640 (additions to 'passwordtooshort')	hashar	17:54, 1 May 2007
r36573	Implement Extension:PasswordStrength (solves bug 3348)	demon	14:50, 23 June 2008