X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fpassword%2FPasswordPolicyChecks.php;h=b3776bd86249d02a954302be40291afd493006b5;hb=fb4e63ba3fcf636fc309d7ff05bedc71b2de19ee;hp=b1098f5b842f4e34a45ddf885c133b04cc350611;hpb=174f34a86de3162bc673fd3bc6bed815cccf0edc;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index b1098f5b84..b3776bd862 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -98,18 +98,22 @@ class PasswordPolicyChecks {
 * @return Status error if username and password match, and policy is true
 */
 public static function checkPasswordCannotMatchBlacklist( $policyVal, User $user, $password ) {
- static $blockedLogins = array(
+ static $blockedLogins = [
 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
- );
+ ];
 $status = Status::newGood();
 $username = $user->getName();
- if ( $policyVal
- && isset( $blockedLogins[$username] )
- && $password == $blockedLogins[$username]
- ) {
- $status->error( 'password-login-forbidden' );
+ if ( $policyVal ) {
+ if ( isset( $blockedLogins[$username] ) && $password == $blockedLogins[$username] ) {
+ $status->error( 'password-login-forbidden' );
+ }
+
+ // Example from ApiChangeAuthenticationRequest
+ if ( $password === 'ExamplePassword' ) {
+ $status->error( 'password-login-forbidden' );
+ }
 }
 return $status;
 }
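Review bot: The blacklist test moved into the new inner `if` still compares with loose `==` (`$password == $blockedLogins[$username]`), while the `ExamplePassword` check added a few lines below uses `===`; changing it to `$password === $blockedLogins[$username]` keeps both checks on strict string equality and rules out PHP type juggling should a non-string `$password` ever reach this method (the callers are not visible here). The same applies to the unchanged `in_array( $passwordKey, $hardcodedCommonPasswords )` in the last hunk, which could pass `true` as its third argument. The docblock line `@return Status error if username and password match, and policy is true` no longer covers the new branch, which rejects `ExamplePassword` for every username; I would extend it to `@return Status error if the username/password pair is blacklisted or the password is the documented example password, and policy is true`. The docblock opens above this hunk, so its remaining lines are not visible here.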
@@ -117,11 +121,11 @@ class PasswordPolicyChecks {
 /**
 * Ensure that password isn't in top X most popular passwords
 *
- * @param $policyVal int Cut off to use. Will automatically shrink to the max
+ * @param int $policyVal Cut off to use. Will automatically shrink to the max
 * supported for error messages if set to more than max number of passwords on file,
 * so you can use the PHP_INT_MAX constant here safely.
- * @param $user User
- * @param $password String
+ * @param User $user
+ * @param string $password
 * @since 1.27
 * @return Status
 */
@@ -136,7 +140,7 @@ class PasswordPolicyChecks {
 // in the common password file. Also check '' for people who use
 // just whitespace.
 $sitename = $langEn->lc( trim( $wgSitename ) );
- $hardcodedCommonPasswords = array( '', 'wiki', 'mediawiki', $sitename );
+ $hardcodedCommonPasswords = [ '', 'wiki', 'mediawiki', $sitename ];
 if ( in_array( $passwordKey, $hardcodedCommonPasswords ) ) {
 $status->error( 'passwordtoopopular' );
 return $status;