[mms] Password strength testing is now case-insensitive (delrio@mie.u…

…toronto.ca; Request #12708).

framework/Auth/lib/Horde/Auth.php

@@ -436,8 +436,9 @@ static public function checkPasswordSimilarity($password, array $dict,
 
         // Check for percentages similarity also.  This will catch very simple
         // Things like "password" -> "password2" or "xpasssword"...
+        // Also, don't allow simple changing of capitalization to pass
         foreach ($dict as $test) {
-            similar_text($password, $test, $percent);
+            similar_text(Horde_String::lower($password), Horde_String::lower($test), $percent);
             if ($percent > $max) {
                 throw new Horde_Auth_Exception(Horde_Auth_Translation::t("The password is too simple to guess."));
             }

framework/Auth/package.xml

@@ -35,7 +35,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
  <notes>
-* 
+* [mms] Password strength testing is now case-insensitive (delrio@mie.utoronto.ca; Request #12708).
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -892,7 +892,7 @@
    <date>2013-09-02</date>
    <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
    <notes>
-* 
+* [mms] Password strength testing is now case-insensitive (delrio@mie.utoronto.ca; Request #12708).
    </notes>
   </release>
  </changelog>