* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user

  agent could create a username that began with a lower case letter that was
  not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
  PHP ucfirst() )
* Moved the user name / password validity checking from
  LoginForm::addNewAccountInternal() to two new functions,
  User::isValidUserName() and User::isValidPassword(), extensions can now do
  these checks without rewriting code.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8395ac4..cc9483a 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -381,6 +381,14 @@ Various bugfixes, small features, and a few experimental things:
 * Try reading revision _text_ from master if no result on slave
 * Use content-language message cache for raw view of message pages
 * (bug 2530) Not displaying talk pages on Special:Watchlist/edit
+* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
+  agent could create a username that began with a lower case letter that was
+  not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
+  PHP ucfirst() )
+* Moved the user name / password validity checking from
+  LoginForm::addNewAccountInternal() to two new functions,
+  User::isValidUserName() and User::isValidPassword(), extensions can now do
+  these checks without rewriting code.
 
 
 === Caveats ===

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index f7b6680..953e3c9 100644 (file)
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -159,9 +159,8 @@ class LoginForm {
         */
        function addNewAccountInternal() {
                global $wgUser, $wgOut;
-               global $wgMaxNameChars, $wgUseLatin1, $wgEnableSorbs, $wgProxyWhitelist;
+               global $wgUseLatin1, $wgEnableSorbs, $wgProxyWhitelist;
                global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
-               global $wgMinimalPasswordLength;
                global $wgAuth;
 
                // If the user passes an invalid domain, something is fishy
@@ -183,8 +182,6 @@ class LoginForm {
                        }
                }
 
-
-
                if (!$wgUser->isAllowedToCreateAccount()) {
                        $this->userNotPrivilegedMessage();
                        return false;
@@ -205,16 +202,11 @@ class LoginForm {
                
                $name = trim( $this->mName );
                $u = User::newFromName( $name );
-               if ( is_null( $u ) ||
-                 ( '' == $name ) ||
-                 $wgUser->isIP( $name ) ||
-                 (strpos( $name, '/' ) !== false) ||
-                 (strlen( $name ) > $wgMaxNameChars) ||
-                 ucFirst($name) != $u->getName() ) 
-               {
+               if ( is_null( $u ) || !$wgUser->isValidUserName( $name ) ) {
                        $this->mainLoginForm( wfMsg( 'noname' ) );
                        return false;
                }
+               
                if ( wfReadOnly() ) {
                        $wgOut->readOnlyPage();
                        return false;
@@ -225,7 +217,7 @@ class LoginForm {
                        return false;
                }
 
-               if ( strlen( $this->mPassword ) < $wgMinimalPasswordLength ) {
+               if ( !$wgUser->isValidPassword( $this->mPassword ) ) {
                        $this->mainLoginForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) );
                        return false;
                }

diff --git a/includes/User.php b/includes/User.php
index 0de4090..807b4c9 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -163,8 +163,44 @@ class User {
        }
 
        /**
+        * Is the input a valid username?
+        *
+        * Checks if the input is a valid username, we don't want an empty string,
+        * an IP address, anything that containins slashes (would mess up subpages),
+        * is longer than the maximum allowed username size or doesn't begin with
+        * a capital letter.
+        *
+        * @param string $name
+        * @return bool
+        */
+       function isValidUserName( $name ) {
+               global $wgContLang, $wgMaxNameChars;
+               
+               if ( $name == ''
+               || $this->isIP( $name )
+               || strpos( $name, '/' ) !== false
+               || strlen( $name ) > $wgMaxNameChars
+               || $name != $wgContLang->ucfirst( $name ) )
+                       return false;
+               else
+                       return true;
+       }
+
+       /**
+        * Is the input a valid password?
+        *
+        * @param string $password
+        * @return bool
+        */
+       function isValidPassword( $password ) {
+               global $wgMinimalPasswordLength;
+               return strlen( $password ) >= $wgMinimalPasswordLength;
+       }
+
+       /**     
         * does the string match roughly an email address ?
         *
+        * @todo Check for RFC 2822 compilance
         * @bug 959
         *
         * @param string $addr email address