Last modified: 2007-03-13 18:13:09 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 9271 - User::setPassword checks wgAuth->allowPasswordChange -- wrong??
User::setPassword checks wgAuth->allowPasswordChange -- wrong??
Status: RESOLVED DUPLICATE of bug 8815
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.10.x
PC Windows XP
: Low minor (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-13 12:21 UTC by MrPete
Modified: 2007-03-13 18:13 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch to remove bogus allowPasswordChange() test (525 bytes, patch)
2007-03-13 12:22 UTC, MrPete
Details

Description MrPete 2007-03-13 12:21:24 UTC
AFAIK, Auth->allowPasswordChange is documented and coded to validate whether
users (via preferences) are allowed to modify their password in MW.

Examples such as AutoAuth use User::setPassword to force the MW password to an
invalid hash such as 'nologin'

Unfortunately, to do so right now requires that the Auth plugin enable user
password changes, because of this test in User::setPassword (line 1387).

It appears to be appropriate and safe to remove the test completely.
setPassword() accomplishes the correct test, and is already used.

See attached patch.
Comment 1 MrPete 2007-03-13 12:22:07 UTC
Created attachment 3347 [details]
Patch to remove bogus allowPasswordChange() test
Comment 2 Brion Vibber 2007-03-13 18:13:09 UTC

*** This bug has been marked as a duplicate of 8815 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links