Page MenuHomePhabricator

fix_dataleakage.patch

Authored By
bzimport
Nov 22 2014, 1:06 AM
Size
1 KB
Referenced Files
None
Subscribers
None

fix_dataleakage.patch

From 2f4b431d868149399aca16d36eaccd95bf4ab41e Mon Sep 17 00:00:00 2001
From: Ryan Lane <rlane@wikimedia.org>
Date: Wed, 8 Aug 2012 17:42:25 -0700
Subject: [PATCH] Allow/disallow saving of local passwords
Allows AuthPlugin to determine if MediaWiki should store passwords in the local database.
Change-Id: Ia32b7d5d61d0ab0652a7c1b9df771b82e9f6bed1
---
includes/AuthPlugin.php | 9 +++++++++
includes/User.php | 5 +++++
2 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php
index c7fcf93..2e42439 100644
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@@ -177,6 +177,15 @@ class AuthPlugin {
}
/**
+ * Should MediaWiki store passwords in its local database?
+ *
+ * @return bool
+ */
+ public function allowSetLocalPassword() {
+ return true;
+ }
+
+ /**
* Set the given password in the authentication database.
* As a special case, the password may be set to null to request
* locking the password to an unusable value, with the expectation
diff --git a/includes/User.php b/includes/User.php
index aef49fc..f29d18f 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2871,11 +2871,16 @@ class User {
* @todo Only rarely do all these fields need to be set!
*/
public function saveSettings() {
+ global $wgAuth;
+
$this->load();
if ( wfReadOnly() ) { return; }
if ( 0 == $this->mId ) { return; }
$this->mTouched = self::newTouchedTimestamp();
+ if ( !$wgAuth->allowSetLocalPassword() ) {
+ $this->mPassword = '';
+ }
$dbw = wfGetDB( DB_MASTER );
$dbw->update( 'user',
--
1.7.7.5 (Apple Git-26)

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9560
Default Alt Text
fix_dataleakage.patch (1 KB)

Event Timeline