r82676 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r82676
Date: 16:18, 23 February 2011
Author: demon
Status: ok
Comment:
Don't allow the user to create DB users with no passwords, it's not good practice.
We can't stop them from using users that already have empty passwords, but we can refuse to create it ;-)
Modified paths:
  • /trunk/phase3/includes/installer/DatabaseInstaller.php (modified)
  • /trunk/phase3/includes/installer/Installer.i18n.php (modified)

Diff

Index: trunk/phase3/includes/installer/Installer.i18n.php
@@ -168,6 +168,8 @@
169169 'config-db-install-account' => 'User account for installation',
170170 'config-db-username' => 'Database username:',
171171 'config-db-password' => 'Database password:',
 172+ 'config-db-password-empty' => 'Please enter a password for the new database user: $1.
 173+While some database systems do allow users with no passwords, it is not secure.',
172174 'config-db-install-username' => 'Enter the username that will be used to connect to the database during the installation process.
173175 This is not the username of the MediaWiki account; this is the username for your database.',
174176 'config-db-install-password' => 'Enter the password that will be used to connect to the database during the installation process.
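Review bot: The new 'config-db-password-empty' message takes a $1 parameter, but nothing in this hunk documents what it is. The caller in DatabaseInstaller.php passes the value of wgDBuser, so a message-documentation entry saying that $1 is the database username would help translators. The first sentence also ends with "user: $1.", which puts the full stop directly after the username; wording that quotes the name, or moves it away from the end of the sentence, keeps the punctuation from being read as part of it.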
Index: trunk/phase3/includes/installer/DatabaseInstaller.php
@@ -527,6 +527,10 @@
528528 $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) );
529529 }
530530
 531+ if( $this->getVar( '_CreateDBAccount' ) && strval( $this->getVar( 'wgDBpassword' ) ) == '' ) {
 532+ return Status::newFatal( 'config-db-password-empty', $this->getVar( 'wgDBuser' ) );
 533+ }
 534+
531535 return Status::newGood();
532536 }
533537
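Review bot: The added condition "strval( $this->getVar( 'wgDBpassword' ) ) == ''" rejects only an exactly empty string, so a password consisting solely of whitespace still passes and the account is created with an effectively blank password; decide whether that case should be refused too. Since strval() already guarantees a string, "=== ''" would state the intent more clearly than the loose comparison. The check also sits after the context line that can overwrite wgDBpassword with _InstallPassword, so a short comment saying which password the check is meant to cover would help the next reader.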

Sign-offs

User | Flag | Date
MaxSem | inspected | 16:46, 23 February 2011
MaxSem | tested | 16:46, 23 February 2011

Follow-up revisions

Revision | Commit summary | Author | Date
r82677 | Tweak message from r82676 | maxsem | 16:27, 23 February 2011
