diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:17:42 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:17:42 -0400 |
commit | f7d4cf9ed0ae68fec630d14e8f6aade38e49f036 (patch) | |
tree | a730c57badbe0e2f0f064ca2006c82d4b6ed54ea /includes/User.php | |
parent | aee35e4a93d105024bcae947cd8b16c962191f5c (diff) | |
parent | 5d1e7dd0ccda0984ccf3e8e3d0f88ac888b05819 (diff) |
Merge commit '5d1e7'
Diffstat (limited to 'includes/User.php')
-rw-r--r-- | includes/User.php | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/includes/User.php b/includes/User.php index 5e5d3eed..a925a3c4 100644 --- a/includes/User.php +++ b/includes/User.php @@ -773,15 +773,24 @@ class User implements IDBAccessObject { } /** - * Check if this is a valid password for this user. Status will be good if - * the password is valid, or have an array of error messages if not. + * Check if this is a valid password for this user + * + * Create a Status object based on the password's validity. + * The Status should be set to fatal if the user should not + * be allowed to log in, and should have any errors that + * would block changing the password. + * + * If the return value of this is not OK, the password + * should not be checked. If the return value is not Good, + * the password can be checked, but the user should not be + * able to set their password to this. * * @param string $password Desired password * @return Status * @since 1.23 */ public function checkPasswordValidity( $password ) { - global $wgMinimalPasswordLength, $wgContLang; + global $wgMinimalPasswordLength, $wgMaximalPasswordLength, $wgContLang; static $blockedLogins = array( 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589 @@ -801,6 +810,10 @@ class User implements IDBAccessObject { if ( strlen( $password ) < $wgMinimalPasswordLength ) { $status->error( 'passwordtooshort', $wgMinimalPasswordLength ); return $status; + } elseif ( strlen( $password ) > $wgMaximalPasswordLength ) { + // T64685: Password too long, might cause DoS attack + $status->fatal( 'passwordtoolong', $wgMaximalPasswordLength ); + return $status; } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) { $status->error( 'password-name-match' ); return $status; @@ -2300,17 +2313,9 @@ class User implements IDBAccessObject { throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() ); } - if ( !$this->isValidPassword( $str ) ) { - global $wgMinimalPasswordLength; - $valid = $this->getPasswordValidity( $str ); - if ( is_array( $valid ) ) { - $message = array_shift( $valid ); - $params = $valid; - } else { - $message = $valid; - $params = array( $wgMinimalPasswordLength ); - } - throw new PasswordError( wfMessage( $message, $params )->text() ); + $status = $this->checkPasswordValidity( $str ); + if ( !$status->isGood() ) { + throw new PasswordError( $status->getMessage()->text() ); } } @@ -3792,6 +3797,13 @@ class User implements IDBAccessObject { $this->loadPasswords(); + // Some passwords will give a fatal Status, which means there is + // some sort of technical or security reason for this password to + // be completely invalid and should never be checked (e.g., T64685) + if ( !$this->checkPasswordValidity( $password )->isOK() ) { + return false; + } + // Certain authentication plugins do NOT want to save // domain passwords in a mysql database, so we should // check this (in case $wgAuth->strict() is false). |