If createAndPromote is fed a bad password, the account is created anyway. Should roll back the creation if we can't make a valid PW.
Version: 1.16.x
Severity: normal
• demon | |
Jun 11 2009, 2:02 PM |
F5786: User.php.diff | |
Nov 21 2014, 10:40 PM |
F5785: createAndPromote.patch | |
Nov 21 2014, 10:40 PM |
If createAndPromote is fed a bad password, the account is created anyway. Should roll back the creation if we can't make a valid PW.
Version: 1.16.x
Severity: normal
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | • demon | T21133 Maintenance script cleanup | |||
Resolved | None | T21157 createAndPromote error on bad password |
Adds password checking; also makes the other messages a little more informative
Attached:
As it is, the script is going to report back with "password too short" even if the password was rejected for another reason. (Fixing this will probably require reworking User::setPassword() and User::isValidPassword).
overlordq wrote:
patch to isValidPassword and setPassword
Horrible patch to separate too short passwords from invalid passwords. Unfortunately requires a message change.
Attached:
Copying my notes from Code Review on r52494:
Eww... this is a really ugly calling convention.
If the function is named 'isSomething', it needs to return a boolean otherwise you're just asking for trouble. An optional outparam for returning a message key would be much less annoying in this context.
This has been fixed for awhile now. User.php was cleaned up, and my original complaint about creating users with bad passwords has also been fixed for quite some time.