Last modified: 2009-11-28 04:55:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T21157, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 19157 - createAndPromote error on bad password
createAndPromote error on bad password
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Maintenance scripts (Other open bugs)
1.16.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks: 19133
  Show dependency treegraph
 
Reported: 2009-06-11 14:02 UTC by Chad H.
Modified: 2009-11-28 04:55 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Adds password checking; also makes the other messages a little more informative (1.38 KB, patch)
2009-06-11 18:07 UTC, Emufarmers
Details
patch to isValidPassword and setPassword (2.09 KB, patch)
2009-06-24 18:17 UTC, OverlordQ
Details

Description Chad H. 2009-06-11 14:02:31 UTC
If createAndPromote is fed a bad password, the account is created anyway. Should roll back the creation if we can't make a valid PW.
Comment 1 Emufarmers 2009-06-11 18:07:39 UTC
Created attachment 6217 [details]
Adds password checking; also makes the other messages a little more informative
Comment 2 Chad H. 2009-06-24 02:03:03 UTC
Fixed in r52336.
Comment 3 Emufarmers 2009-06-24 14:30:28 UTC
As it is, the script is going to report back with "password too short" even if the password was rejected for another reason. (Fixing this will probably require reworking User::setPassword() and User::isValidPassword).
Comment 4 OverlordQ 2009-06-24 18:17:44 UTC
Created attachment 6260 [details]
patch to isValidPassword and setPassword

Horrible patch to separate too short passwords from invalid passwords.  Unfortunately requires a message change.
Comment 5 Chad H. 2009-06-27 16:54:00 UTC
Fixed in r52494 in trunk. Will merge to branch later.
Comment 6 Brion Vibber 2009-08-24 00:11:35 UTC
Copying my notes from Code Review on r52494:

Eww... this is a really ugly calling convention.

If the function is named 'isSomething', it needs to return a boolean otherwise you're just asking for trouble. An optional outparam for returning a message key would be much less annoying in this context.
Comment 7 Chad H. 2009-11-28 04:55:20 UTC
This has been fixed for awhile now. User.php was cleaned up, and my original complaint about creating users with bad passwords has also been fixed for quite some time.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links