Bug: T207777
Change-Id: I1e12ef94f455f96b4d70af27a315414500c709ab
$username = $user->getName();
$contLang = MediaWikiServices::getInstance()->getContentLanguage();
if (
$username = $user->getName();
$contLang = MediaWikiServices::getInstance()->getContentLanguage();
if (
- $policyVal && $contLang->lc( $password ) === $contLang->lc( $username )
+ $policyVal && hash_equals( $contLang->lc( $username ), $contLang->lc( $password ) )
) {
$status->error( 'password-name-match' );
}
) {
$status->error( 'password-name-match' );
}
$status = Status::newGood();
$username = $user->getName();
if ( $policyVal ) {
$status = Status::newGood();
$username = $user->getName();
if ( $policyVal ) {
- if ( isset( $blockedLogins[$username] ) && $password == $blockedLogins[$username] ) {
+ if (
+ isset( $blockedLogins[$username] ) &&
+ hash_equals( $blockedLogins[$username], $password )
+ ) {
$status->error( 'password-login-forbidden' );
}
// Example from ApiChangeAuthenticationRequest
$status->error( 'password-login-forbidden' );
}
// Example from ApiChangeAuthenticationRequest
- if ( $password === 'ExamplePassword' ) {
+ if ( hash_equals( 'ExamplePassword', $password ) ) {
$status->error( 'password-login-forbidden' );
}
}
$status->error( 'password-login-forbidden' );
}
}