* (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages
* Set an explicit class on framed thumbnail inner divs and images, changed some
CSS to use these instead of using descendent selectors.
+* Accept null parameter to User::setPassword() as indicating the password
+ field should be cleared to an unusable state. Login will only be possible
+ after the password is reset, for instance by e-mail.
+* (bug 6394) Invalidate the password set for "by e-mail" account creations
+ to avoid accidental empty password creations.
== Languages updated ==
/**
* Set the given password in the authentication database.
+ * As a special case, the password may be set to null to request
+ * locking the password to an unusable value, with the expectation
+ * that it will be set later through a mail reset or other method.
+ *
* Return true if successful.
*
* @param $user User object.
* pass the change through or if the legal password
* checks fail.
*
+ * As a special case, setting the password to null
+ * wipes it, so the account cannot be logged in until
+ * a new password is set, for instance via e-mail.
+ *
* @param string $str
* @throws PasswordError on failure
*/
function setPassword( $str ) {
global $wgAuth;
- if( !$wgAuth->allowPasswordChange() ) {
- throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
- }
+ if( $str !== null ) {
+ if( !$wgAuth->allowPasswordChange() ) {
+ throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
+ }
- if( !$this->isValidPassword( $str ) ) {
- global $wgMinimalPasswordLength;
- throw new PasswordError( wfMsg( 'passwordtooshort',
- $wgMinimalPasswordLength ) );
+ if( !$this->isValidPassword( $str ) ) {
+ global $wgMinimalPasswordLength;
+ throw new PasswordError( wfMsg( 'passwordtooshort',
+ $wgMinimalPasswordLength ) );
+ }
}
if( !$wgAuth->setPassword( $this, $str ) ) {
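Review bot: The null path skips `allowPasswordChange()` and then passes `null` straight into `$wgAuth->setPassword( $this, $str )`, so every existing auth plugin now receives a value it may not have been written to handle. A plugin that casts or hashes its argument without checking could store the hash of an empty string in the external database, which is the opposite of locking the account; this is inferred, as no plugin code is visible here. The plugin-side docblock changed earlier in this commit should state the contract, for example `Implementations must treat null as "make the password unusable" and return false if they cannot; never store an empty password.` A comment above `if( $str !== null ) {` should also say whether a plugin that forbids password changes is still meant to be asked to lock one. The body of the `if( !$wgAuth->setPassword(...) )` statement is outside the visible lines.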
$this->load();
$this->setToken();
- $this->mPassword = $this->encryptPassword( $str );
+
+ if( $str === null ) {
+ // Save an invalid hash...
+ $this->mPassword = '';
+ } else {
+ $this->mPassword = $this->encryptPassword( $str );
+ }
$this->mNewpassword = '';
- $this->mNewpassTime = NULL;
+ $this->mNewpassTime = null;
return true;
}
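Review bot: Storing `''` in `mPassword` only locks the account if the login check can never accept an empty stored hash, and the comment `// Save an invalid hash...` does not record that assumption. The comparison code is not part of this hunk, so this cannot be confirmed from here; any path that treats an empty `mPassword` as "no password set, allow" would leave the account open rather than locked. I would replace the comment with `// Empty string never equals a computed hash, so no password matches until a new one is set.` and add a test that login fails for every input, including the empty string, after `setPassword( null )`.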