X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fpassword%2FPasswordPolicyChecks.php;h=3c565359d9664d6710d41d6948636614d2fb8cb8;hb=ecba4509dd2b78fa9ed54fa4e573d1818b2ff290;hp=502f1e024cff5a4cf0ac5638662429653a33c540;hpb=16ef3e79c4c52aa6b74563b7eadcfc9792e7a4c4;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index 502f1e024c..3c565359d9 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -21,6 +21,8 @@
 */

 use Cdb\Reader as CdbReader;
+use MediaWiki\MediaWikiServices;
+use Wikimedia\PasswordBlacklist;

 /**
 * Functions to check passwords against a policy requirement
@@ -81,10 +83,12 @@ class PasswordPolicyChecks {
 * @return Status error if username and password match, and policy is true
 */
 public static function checkPasswordCannotMatchUsername( $policyVal, User $user, $password ) {
- global $wgContLang;
 $status = Status::newGood();
 $username = $user->getName();
- if ( $policyVal && $wgContLang->lc( $password ) === $wgContLang->lc( $username ) ) {
+ $contLang = MediaWikiServices::getInstance()->getContentLanguage();
+ if (
+ $policyVal && hash_equals( $contLang->lc( $username ), $contLang->lc( $password ) )
+ ) {
 $status->error( 'password-name-match' );
 }
 return $status;
@@ -106,12 +110,15 @@ class PasswordPolicyChecks {
 $status = Status::newGood();
 $username = $user->getName();
 if ( $policyVal ) {
- if ( isset( $blockedLogins[$username] ) && $password == $blockedLogins[$username] ) {
+ if (
+ isset( $blockedLogins[$username] ) &&
+ hash_equals( $blockedLogins[$username], $password )
+ ) {
 $status->error( 'password-login-forbidden' );
 }

 // Example from ApiChangeAuthenticationRequest
- if ( $password === 'ExamplePassword' ) {
+ if ( hash_equals( 'ExamplePassword', $password ) ) {
 $status->error( 'password-login-forbidden' );
 }
 }
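Review bot: The `hash_equals()` call added to checkPasswordCannotMatchUsername() has no comment saying why a constant-time comparison replaces `===`, and the same is true of the two `hash_equals()` calls in the `@@ -106,12 +110,15 @@` hunk. Without that, a later cleanup could easily simplify them back to plain comparisons. A one-line comment above each condition would settle it, for example `// hash_equals(): constant-time comparison, so timing does not depend on the password's content`. Only the final comparison is constant-time here, since `$contLang->lc( $password )` still runs over the password first. The method's docblock begins above this hunk.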
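Review bot: `hash_equals()` accepts only strings, and nothing in the `@@ -106,12 +110,15 @@` hunk guarantees that `$password` is one before `hash_equals( $blockedLogins[$username], $password )` and `hash_equals( 'ExamplePassword', $password )` run. The replaced `==` and `===` comparisons never raised for a null or other non-string value, whereas `hash_equals()` emits a warning (a TypeError on PHP 8) in that case. If callers can pass anything other than a string, guard the block with `if ( $policyVal && is_string( $password ) ) {`; otherwise state the string requirement in the docblock. The method signature and `$blockedLogins` are defined above this hunk, so the types stored in that array could not be checked here.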
@@ -164,4 +171,25 @@ class PasswordPolicyChecks {
 return $status;
 }

+ /**
+ * Ensure the password isn't in the list of passwords blacklisted by the
+ * wikimedia/password-blacklist library
+ *
+ * @param bool $policyVal Whether to apply this policy
+ * @param User $user
+ * @param string $password
+ *
+ * @since 1.33
+ *
+ * @return Status
+ */
+ public static function checkPasswordNotInLargeBlacklist( $policyVal, User $user, $password ) {
+ $status = Status::newGood();
+ if ( $policyVal && PasswordBlacklist\PasswordBlacklist::isBlacklisted( $password ) ) {
+ $status->error( 'passwordinlargeblacklist' );
+ }
+
+ return $status;
+ }
+
 }
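Review bot: checkPasswordNotInLargeBlacklist() never reads `$user`, and its docblock leaves `$user`, `$password` and the return value undescribed, unlike the `@return Status error if username and password match, and policy is true` line on checkPasswordCannotMatchUsername() earlier in this diff. I would write `@param User $user Unused here; presumably kept so every check shares the same signature` and `@return Status error if the password is in the blacklist, and policy is true`. Whether `isBlacklisted()` matches the password exactly or after normalising case is not visible here, so the docblock should say which once that is confirmed. This diff covers a single file, so it does not show whether the new check is registered in the password policy configuration or whether the `passwordinlargeblacklist` message exists; both need confirming for the check to take effect.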