Last modified: 2010-05-15 15:38:37 UTC
AuthPlugin::setPassword is currently declared to use a single parameter,
$password. That makes no sense because an implementor of that method (e.g. in a
custom AuthPlugin) does not know whose user's password is supposed to be changed.
Also, the code in SpecialPreferences correctly invokes the method with two
parameters: $user and $password.
I suspect somebody got confused or copy-pasted from class User: there,
setPassword indeed only takes a single $password argument (because it is applied
to the User object which obviously knows what user it refers to).
While very easy to fix, I have taken the liberty to make this a major-severity
bug because it likely confuse countless AuthPlugin developers sooner or later.
still present in 1.5.0
This was fixed in r17965