X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fauth%2FLocalPasswordPrimaryAuthenticationProvider.php;h=c538ee7e6d6567f0aaf7d1b9e93ccc1f50cdbc16;hb=9518265c5ca65bd16cfcc0f4ff8ada678b72773c;hp=7f93c12d4c330d4087e2b3fa5c4ad5fc903af1d6;hpb=d19826aa35b206847a568a4b2c1c9ffaa615fca5;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 7f93c12d4c..c538ee7e6d 100644
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -96,7 +96,10 @@ class LocalPasswordPrimaryAuthenticationProvider
 __METHOD__
 );
 if ( !$row ) {
- return AuthenticationResponse::newAbstain();
+ // Do not reveal whether its bad username or
+ // bad password to prevent username enumeration
+ // on private wikis. (T134100)
+ return $this->failResponse( $req );
 }

 $oldRow = clone $row;
@@ -133,7 +136,8 @@ class LocalPasswordPrimaryAuthenticationProvider
 // @codeCoverageIgnoreStart
 if ( $this->getPasswordFactory()->needsUpdate( $pwhash ) ) {
 $newHash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
- \DeferredUpdates::addCallableUpdate( function () use ( $newHash, $oldRow ) {
+ $fname = __METHOD__;
+ \DeferredUpdates::addCallableUpdate( function () use ( $newHash, $oldRow, $fname ) {
 $dbw = wfGetDB( DB_MASTER );
 $dbw->update(
 'user',
@@ -142,7 +146,7 @@ class LocalPasswordPrimaryAuthenticationProvider
 'user_id' => $oldRow->user_id,
 'user_password' => $oldRow->user_password
 ],
- __METHOD__
+ $fname
 );
 } );
 }
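Review bot: The missing-user branch at `if ( !$row )` still returns before any password hash is computed, so the two cases this change makes look alike in the response can probably still be told apart by response time. The check of `$pwhash` for an existing row sits further down, outside this hunk, and is normally the expensive step; I have not seen that code, so the size of the gap needs measuring. If it is significant, spend comparable work before failing, for example `$this->getPasswordFactory()->newFromPlaintext( $req->password );` ahead of `return $this->failResponse( $req );`. A test asserting that a nonexistent user and a wrong password produce the same response would keep this branch from regressing.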
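Review bot: The new `$fname = __METHOD__;` line has no comment explaining why the method name is copied into a local, so a later cleanup could easily inline it again. Inside the closure `__METHOD__` names the closure rather than the enclosing method, which is why the following hunk passes `$fname` to `$dbw->update()` as the query tag. I would add `// __METHOD__ inside the closure would name the closure; capture the caller's name for the query tag` above the assignment. The enclosing method starts and ends outside both hunks.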