(bug 30636) integrate the remaining functionality of the PasswordReset extension into core, to make the fact that its Special:PasswordReset conflicts (as of 1.18) with the new core special page of the same name no longer relevant.
The extension just allows admins with the 'passwordreset' permission to arbitrarily change other users' passwords, which is really scary. This core change uses the same permission, but instead gives them the ability to view the password reset email that would be sent to another user. So they can record the temporary password, and give it to the user via a medium other than email; but when the user logs in with it they will be forced to change it and the admin will no longer know what it is.
It would be nice to log these viewing actions, but I'm not sure which log it should go into, or whether it's worth creating a new one just for this (rare and disabled-by-default) action.
dépôts / lhc / web / wiklou.git / commit