r58171 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r58170‎ \| r58171 \| r58172 >
Date:	22:58, 26 October 2009
Author:	skizzerz
Status:	reverted (Comments)
Tags:
Comment:	* Any strings returned by the isValidPassword hook are now shown as error messages instead of MediaWiki thinking that the hook said the password was valid. * The error message shown in Special:ChangePassword now parses wiki markup
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/includes/specials/SpecialResetpass.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -621,7 +621,7 @@
622	622	* Is the input a valid password for this user?
623	623	*
624	624	* @param $password String Desired password
625		~~- * @return bool True or false~~
	625	+ * @return mixed: bool True or false or a message key explaining why the password is invalid
626	626	*/
627	627	function isValidPassword( $password ) {
628	628	global $wgMinimalPasswordLength, $wgContLang;
—	—	@@ -645,14 +645,16 @@
646	646	function getPasswordValidity( $password ) {
647	647	global $wgMinimalPasswordLength, $wgContLang;
648	648
649		~~- if ( !$this->isValidPassword( $password ) ) {~~
	649	+ if ( ( $result = $this->isValidPassword( $password ) ) === false ) {
650	650	if( strlen( $password ) < $wgMinimalPasswordLength ) {
651	651	return 'passwordtooshort';
652	652	} elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
653	653	return 'password-name-match';
654	654	}
	655	+ } elseif( $result === true ) {
	656	+ return true;
655	657	} else {
656		~~- return true;~~
	658	+ return $result; //the isValidPassword hook set a string $result and returned false
657	659	}
658	660	}
659	661
—	—	@@ -1768,7 +1770,7 @@
1769	1771	throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1770	1772	}
1771	1773
1772		~~- if( !$this->isValidPassword( $str ) ) {~~
	1774	+ if( $this->isValidPassword( $str ) !== true ) {
1773	1775	global $wgMinimalPasswordLength;
1774	1776	$valid = $this->getPasswordValidity( $str );
1775	1777	throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
Index: trunk/phase3/includes/specials/SpecialResetpass.php
—	—	@@ -68,7 +68,7 @@
69	69
70	70	function error( $msg ) {
71	71	global $wgOut;
72		~~- $wgOut->addHTML( Xml::element('p', array( 'class' => 'error' ), $msg ) );~~
	72	+ $wgOut->addWikiText( '<div class="error">' . $msg . '</div>' );
73	73	}
74	74
75	75	function showForm() {
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -598,6 +598,9 @@
599	599	* (bug 18019) Users are now warned when moving a file to a name in use on a
600	600	shared repository and only users with the 'reupload-shared' permission can
601	601	complete the move.
	602	+* Any strings returned by the isValidPassword hook are now shown as error messages
	603	+ instead of MediaWiki thinking that the hook said the password was valid.
	604	+* The error message shown in Special:ChangePassword now parses wiki markup
602	605
603	606	== API changes in 1.16 ==
604	607

Follow-up revisions

Revision	Commit summary	Author	Date
r58182	Revert r58171/r58172 for now. It seems it breaks login to translatewiki.net	raymond	07:13, 27 October 2009

Comments

#Comment by Skizzerz (talk | contribs) 23:22, 26 October 2009

r58172 is a followup to this commit after a conversation with ^demon in IRC suggesting that User::isValidPassword() should only return a boolean, and that User::getPasswordValidity() should be used for the string.

I needed to move the isValidPassword hook to accomplish this and change the call order, but that will not affect any extensions or anything on the frontend (before the followup, getPasswordValidity calls isValidPassword which calls the hook. After the followup, isValidPassword calls getPasswordValidity which calls the hook -- either way the hook gets called, the order just got reversed)

Status & tagging log

08:00, 27 October 2009 Raymond (talk | contribs) changed the status of r58171 [removed: new added: reverted]