From: Chad Horohoe Date: Wed, 23 Feb 2011 16:18:51 +0000 (+0000) Subject: Don't allow the user to create DB users with no passwords, it's not good practice. X-Git-Tag: 1.31.0-rc.0~31810 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;h=8fcd602c89b7872f5f3c94949e258935267fba5e;p=lhc%2Fweb%2Fwiklou.git Don't allow the user to create DB users with no passwords, it's not good practice. We can't stop them from using users that already have empty passwords, but we can refuse to create it ;-) --- diff --git a/includes/installer/DatabaseInstaller.php b/includes/installer/DatabaseInstaller.php index be84bd7bfc..ec7a5efdd1 100644 --- a/includes/installer/DatabaseInstaller.php +++ b/includes/installer/DatabaseInstaller.php @@ -527,6 +527,10 @@ abstract class DatabaseInstaller { $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) ); } + if( $this->getVar( '_CreateDBAccount' ) && strval( $this->getVar( 'wgDBpassword' ) ) == '' ) { + return Status::newFatal( 'config-db-password-empty', $this->getVar( 'wgDBuser' ) ); + } + return Status::newGood(); } diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index 294e68586a..1ff80731d0 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -168,6 +168,8 @@ If you are using shared web hosting, your hosting provider will either give you 'config-db-install-account' => 'User account for installation', 'config-db-username' => 'Database username:', 'config-db-password' => 'Database password:', + 'config-db-password-empty' => 'Please enter a password for the new database user: $1. +While some database systems do allow users with no passwords, it is not secure.', 'config-db-install-username' => 'Enter the username that will be used to connect to the database during the installation process. This is not the username of the MediaWiki account; this is the username for your database.', 'config-db-install-password' => 'Enter the password that will be used to connect to the database during the installation process.