Last modified: 2007-03-13 18:13:09 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T11271, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 9271 - User::setPassword checks wgAuth->allowPasswordChange -- wrong??
User::setPassword checks wgAuth->allowPasswordChange -- wrong??
Status: RESOLVED DUPLICATE of bug 8815
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
PC Windows XP
: Low minor (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch
Depends on:
  Show dependency treegraph
Reported: 2007-03-13 12:21 UTC by MrPete
Modified: 2007-03-13 18:13 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Patch to remove bogus allowPasswordChange() test (525 bytes, patch)
2007-03-13 12:22 UTC, MrPete

Description MrPete 2007-03-13 12:21:24 UTC
AFAIK, Auth->allowPasswordChange is documented and coded to validate whether
users (via preferences) are allowed to modify their password in MW.

Examples such as AutoAuth use User::setPassword to force the MW password to an
invalid hash such as 'nologin'

Unfortunately, to do so right now requires that the Auth plugin enable user
password changes, because of this test in User::setPassword (line 1387).

It appears to be appropriate and safe to remove the test completely.
setPassword() accomplishes the correct test, and is already used.

See attached patch.
Comment 1 MrPete 2007-03-13 12:22:07 UTC
Created attachment 3347 [details]
Patch to remove bogus allowPasswordChange() test
Comment 2 Brion Vibber 2007-03-13 18:13:09 UTC

*** This bug has been marked as a duplicate of 8815 ***

Note You need to log in before you can comment on or make changes to this bug.