I suggest to harmonize the two functions with the goal, that also the temporary password (newPassword) can be made invalid by passing a null parameter.
Current version does not allow to clear the temporary password, but I wish to have thar for E:OpenID .
Current code in User.php is:
/**
- Set the password and reset the random token unconditionally. *
- @param string|null $str New password to set or null to set an invalid
- password hash meaning that the user will not be able to log in
- through the web interface.
*/
public function setInternalPassword( $str ) {
$this->load();
$this->setToken();
if ( $str === null ) {
// Save an invalid hash...
$this->mPassword = '';
} else {
$this->mPassword = self::crypt( $str );
}
$this->mNewpassword = '';
$this->mNewpassTime = null;}
/**
- Set the password for a password reminder or new account email *
- @param string $str New password to set
- @param bool $throttle If true, reset the throttle timestamp to the present
*/
public function setNewpassword( $str, $throttle = true ) {
$this->load();
$this->mNewpassword = self::crypt( $str );
if ( $throttle ) {
$this->mNewpassTime = wfTimestampNow();
}}
Version: 1.23.0
Severity: enhancement