From 8fcd602c89b7872f5f3c94949e258935267fba5e Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Wed, 23 Feb 2011 16:18:51 +0000 Subject: [PATCH] Don't allow the user to create DB users with no passwords, it's not good practice. We can't stop them from using users that already have empty passwords, but we can refuse to create it ;-) --- includes/installer/DatabaseInstaller.php | 4 ++++ includes/installer/Installer.i18n.php | 2 ++ 2 files changed, 6 insertions(+) diff --git a/includes/installer/DatabaseInstaller.php b/includes/installer/DatabaseInstaller.php index be84bd7bfc..ec7a5efdd1 100644 --- a/includes/installer/DatabaseInstaller.php +++ b/includes/installer/DatabaseInstaller.php @@ -527,6 +527,10 @@ abstract class DatabaseInstaller { $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) ); } + if( $this->getVar( '_CreateDBAccount' ) && strval( $this->getVar( 'wgDBpassword' ) ) == '' ) { + return Status::newFatal( 'config-db-password-empty', $this->getVar( 'wgDBuser' ) ); + } + return Status::newGood(); } diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index 294e68586a..1ff80731d0 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -168,6 +168,8 @@ If you are using shared web hosting, your hosting provider will either give you 'config-db-install-account' => 'User account for installation', 'config-db-username' => 'Database username:', 'config-db-password' => 'Database password:', + 'config-db-password-empty' => 'Please enter a password for the new database user: $1. +While some database systems do allow users with no passwords, it is not secure.', 'config-db-install-username' => 'Enter the username that will be used to connect to the database during the installation process. This is not the username of the MediaWiki account; this is the username for your database.', 'config-db-install-password' => 'Enter the password that will be used to connect to the database during the installation process. -- 2.20.1