Don't allow the user to create DB users with no passwords, it's not good practice.

We can't stop them from using users that already have empty passwords, but we can refuse to create it ;-)

diff --git a/includes/installer/DatabaseInstaller.php b/includes/installer/DatabaseInstaller.php
index be84bd7..ec7a5ef 100644 (file)
--- a/includes/installer/DatabaseInstaller.php
+++ b/includes/installer/DatabaseInstaller.php
@@ -527,6 +527,10 @@ abstract class DatabaseInstaller {
                        $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) );
                }
 
+               if( $this->getVar( '_CreateDBAccount' ) && strval( $this->getVar( 'wgDBpassword' ) ) == '' ) {
+                       return Status::newFatal( 'config-db-password-empty', $this->getVar( 'wgDBuser' ) );
+               }
+
                return Status::newGood();
        }
 

diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php
index 294e685..1ff8073 100644 (file)
--- a/includes/installer/Installer.i18n.php
+++ b/includes/installer/Installer.i18n.php
@@ -168,6 +168,8 @@ If you are using shared web hosting, your hosting provider will either give you
        'config-db-install-account'       => 'User account for installation',
        'config-db-username'              => 'Database username:',
        'config-db-password'              => 'Database password:',
+       'config-db-password-empty'        => 'Please enter a password for the new database user: $1.
+While some database systems do allow users with no passwords, it is not secure.',
        'config-db-install-username'      => 'Enter the username that will be used to connect to the database during the installation process.
 This is not the username of the MediaWiki account; this is the username for your database.',
        'config-db-install-password'      => 'Enter the password that will be used to connect to the database during the installation process.