* (bug 3348) Some additional weak password checks: password which is same as username...

There are some UI issues still with handling of bad/weak passwords. It's not too clear to the legit user who tries to log in again. There's also some bad behavior on the create account form; short or bad passwords just give an exception backtrace. Nice. :) But that's existing problems...

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 29c179d..c887a01 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -356,6 +356,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   converted from 1.4 to 1.5 schema
 * (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info
 * (bug 5959) Anchors dropped from stub links
+* (bug 3348) Some additional weak password checks: password which is same
+  as username will now be rejected.
 
 
 == Maintenance ==

diff --git a/includes/User.php b/includes/User.php
index 6f97371..5b840d7 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -487,15 +487,15 @@ class User {
         *
         * @param string $password
         * @return bool
-        * @static
         */
-       static function isValidPassword( $password ) {
-               global $wgMinimalPasswordLength;
+       function isValidPassword( $password ) {
+               global $wgMinimalPasswordLength, $wgContLang;
 
                $result = null;
                if( !wfRunHooks( 'isValidPassword', array( $password, &$result ) ) ) return $result;
-               if ($result === false) return false; 
-               return (strlen( $password ) >= $wgMinimalPasswordLength);
+               if ($result === false) return false;
+               return (strlen( $password ) >= $wgMinimalPasswordLength) &&
+                       ($wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName ));
        }
 
        /**

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 64e1dbd..c5cf366 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -2416,7 +2416,7 @@ All transwiki import actions are logged at the [[Special:Log/import|import log]]
 'variantname-kk-cn' => 'kk-cn',
 'variantname-kk' => 'kk',
 
-'passwordtooshort' => 'Your password is too short. It must have at least $1 characters.',
+'passwordtooshort' => 'Your password is invalid or too short. It must have at least $1 characters and be different from your username.',
 
 # Metadata
 'metadata' => 'Metadata',