Prevent registration/login with the username "MediaWiki default"

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6382a73..36e2e5e 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -366,6 +366,7 @@ Security:
 * XSS issue : now sanitize search query input (fixed in 1.5rc3)
 * Remove deprecated $wgOnlySysopsCanPatrol references; use User::isAllowed( 'patrol' )
   per bug 5282. Patch by Alan Harder.
+* Prevent registration/login with the username "MediaWiki default"
 
 Special Pages:
 * Rearranged Special:Movepage form to reduce confusion between destination

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index ef58051..b6c7ef4 100644 (file)
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -206,7 +206,7 @@ class LoginForm {
 
                $name = trim( $this->mName );
                $u = User::newFromName( $name );
-               if ( is_null( $u ) ) {
+               if ( is_null( $u ) || $u->getName() = 'MediaWiki default' ) {
                        $this->mainLoginForm( wfMsg( 'noname' ) );
                        return false;
                }
@@ -293,7 +293,7 @@ class LoginForm {
                        return;
                }
                $u = User::newFromName( $this->mName );
-               if( is_null( $u ) ) {
+               if( is_null( $u ) || $u->getName() == 'MediaWiki default' ) {
                        $this->mainLoginForm( wfMsg( 'noname' ) );
                        return;
                }