dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Do not allow botpassword login if account locked.
[lhc/web/wiklou.git] / includes / user / BotPassword.php
diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php
index 2228feb..5762120 100644 (file)
--- a/includes/user/BotPassword.php
+++ b/includes/user/BotPassword.php
@@ -470,6 +470,10 @@ class BotPassword implements IDBAccessObject {
                        return Status::newFatal( 'nosuchuser', $name );
                }
 
+               if ( $user->isLocked() ) {
+                       return Status::newFatal( 'botpasswords-locked' );
+               }
+
                // Throttle
                $throttle = null;
                if ( !empty( $wgPasswordAttemptThrottle ) ) {
Wiklou, le Wiki du Wiklou