Page MenuHomePhabricator

$wgMinimalPasswordLength's default should be 1
Closed, ResolvedPublic

Description

Empty passwords make absolutely no sense (and are disallowed on WMF wikis). There's no reason I can see to allow them by default in MediaWiki core.

For reference, $wgMinimalPasswordLength was added in r7317 following bug 621.


Version: unspecified
Severity: enhancement

Details

Reference
bz18222

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:34 PM
bzimport set Reference to bz18222.
bzimport added a subscriber: Unknown Object (MLST).

Regarding this message,

'passwordtooshort' => 'Your password is invalid or too short. It must
have at least {{PLURAL:$1|1 character|$1 characters}} ...

The user will say "But I DID enter at least 1 character!"

He will get so frustrated that he will not read to the end of the
message.

That is why you need to split this into two different responses
depending on what he violated.

(In reply to comment #2)

Regarding this message,

'passwordtooshort' => 'Your password is invalid or too short. It must
have at least {{PLURAL:$1|1 character|$1 characters}} ...

... "and must be different from the username" (to save others the trouble of looking up [[MediaWiki:passwordtooshort]])

(In reply to comment #2)

Regarding this message,

'passwordtooshort' => 'Your password is invalid or too short. It must
have at least {{PLURAL:$1|1 character|$1 characters}} ...

The user will say "But I DID enter at least 1 character!"

He will get so frustrated that he will not read to the end of the
message.

That is why you need to split this into two different responses
depending on what he violated.

I highly doubt anyone gets so frustrated that they refuse to read 7 more words. Stop exaggerating. Reclosing as FIXED.