diff options
Diffstat (limited to 'includes/User.php')
| -rw-r--r-- | includes/User.php | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/includes/User.php b/includes/User.php index 5e5d3eed..a925a3c4 100644 --- a/includes/User.php +++ b/includes/User.php @@ -773,15 +773,24 @@ class User implements IDBAccessObject { } /** - * Check if this is a valid password for this user. Status will be good if - * the password is valid, or have an array of error messages if not. + * Check if this is a valid password for this user + * + * Create a Status object based on the password's validity. + * The Status should be set to fatal if the user should not + * be allowed to log in, and should have any errors that + * would block changing the password. + * + * If the return value of this is not OK, the password + * should not be checked. If the return value is not Good, + * the password can be checked, but the user should not be + * able to set their password to this. * * @param string $password Desired password * @return Status * @since 1.23 */ public function checkPasswordValidity( $password ) { - global $wgMinimalPasswordLength, $wgContLang; + global $wgMinimalPasswordLength, $wgMaximalPasswordLength, $wgContLang; static $blockedLogins = array( 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589 @@ -801,6 +810,10 @@ class User implements IDBAccessObject { if ( strlen( $password ) < $wgMinimalPasswordLength ) { $status->error( 'passwordtooshort', $wgMinimalPasswordLength ); return $status; + } elseif ( strlen( $password ) > $wgMaximalPasswordLength ) { + // T64685: Password too long, might cause DoS attack + $status->fatal( 'passwordtoolong', $wgMaximalPasswordLength ); + return $status; } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) { $status->error( 'password-name-match' ); return $status; @@ -2300,17 +2313,9 @@ class User implements IDBAccessObject { throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() ); } - if ( !$this->isValidPassword( $str ) ) { - global $wgMinimalPasswordLength; - $valid = $this->getPasswordValidity( $str ); - if ( is_array( $valid ) ) { - $message = array_shift( $valid ); - $params = $valid; - } else { - $message = $valid; - $params = array( $wgMinimalPasswordLength ); - } - throw new PasswordError( wfMessage( $message, $params )->text() ); + $status = $this->checkPasswordValidity( $str ); + if ( !$status->isGood() ) { + throw new PasswordError( $status->getMessage()->text() ); } } @@ -3792,6 +3797,13 @@ class User implements IDBAccessObject { $this->loadPasswords(); + // Some passwords will give a fatal Status, which means there is + // some sort of technical or security reason for this password to + // be completely invalid and should never be checked (e.g., T64685) + if ( !$this->checkPasswordValidity( $password )->isOK() ) { + return false; + } + // Certain authentication plugins do NOT want to save // domain passwords in a mysql database, so we should // check this (in case $wgAuth->strict() is false). |