From ed5b57566724e63930531d418606c68b542cb1a2 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Thu, 30 Aug 2012 20:38:05 -0700
Subject: [PATCH] (bug 39184) LDAP password leakage

Allow AuthPlugin to determine if user passwords should be stored
locally.

* Released as part of 1.20wmf10, 1.19.2, 1.18.5

Change-Id: Ie41bed7ecf5390f8815128c227bae371880a6058
---
 includes/AuthPlugin.php | 9 +++++++++
 includes/User.php       | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php
index c7fcf93f3c..2e42439c9f 100644
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@@ -176,6 +176,15 @@ class AuthPlugin {
 		return true;
 	}
 
+	/**
+	 * Should MediaWiki store passwords in its local database?
+	 *
+	 * @return bool
+	 */
+	public function allowSetLocalPassword() {
+		return true;
+	}
+
 	/**
 	 * Set the given password in the authentication database.
 	 * As a special case, the password may be set to null to request
diff --git a/includes/User.php b/includes/User.php
index 13748de39b..0a3db4c07c 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2891,11 +2891,16 @@ class User {
 	 * @todo Only rarely do all these fields need to be set!
 	 */
 	public function saveSettings() {
+		global $wgAuth;
+
 		$this->load();
 		if ( wfReadOnly() ) { return; }
 		if ( 0 == $this->mId ) { return; }
 
 		$this->mTouched = self::newTouchedTimestamp();
+		if ( !$wgAuth->allowSetLocalPassword() ) {
+			$this->mPassword = '';
+		}
 
 		$dbw = wfGetDB( DB_MASTER );
 		$dbw->update( 'user',
-- 
2.20.1