Changed the name of local variables, added a local variable, avoided …

…cSpell errors on a line

core/modules/user/tests/user.test

@@ -2092,7 +2092,7 @@ class UserEditTestCase extends BackdropWebTestCase {
     $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('E-mail address'))));
     // For the third attempt error from the flood control is received.
     $this->backdropPost("user/$user1->uid/edit", $edit, t('Save'));
-    $this->assertRaw(t('Sorry, you have entered incorrect password more than @count times. Changes to fields that require current password are temporarily blocked. Try again later.', array('@count' => variable_get('user_failed_login_user_limit', 2))));
+    $this->assertRaw(t('Sorry, you have entered the incorrect password more than @count times. Changes to fields that require current password are temporarily blocked. Try again later.', array('@count' => variable_get('user_failed_login_user_limit', 2))));
 
     // Test that multiple failed password validations with an empty password
     // does not trigger flood control.

core/modules/user/user.module

@@ -432,6 +432,7 @@ function user_password($length = 10) {
   // password. Note that the number 0 and the letter 'O' have been
   // removed to avoid confusion between the two. The same is true
   // of 'I', 1, and 'l'.
+  // cSpell:ignore-next abcdefghijkmnopqrstuvwxyz
   $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
 
   // Zero-based count of characters in the allowable list:
@@ -1055,23 +1056,28 @@ function user_validate_current_pass(&$form, &$form_state) {
       // Default is to allow 5 failed passwords validations every 6 hours to
       // prevent brute force attacks.
       $identifier = $account->uid;
-      $user_pass_reset_user_window = $flood_config->get('flood_user_window', 21600);
-      $user_pass_reset_user_limit = $flood_config->get('flood_user_limit', 5);
-      if (!flood_is_allowed('failed_pass_validation_user', $user_pass_reset_user_limit, $user_pass_reset_user_window, $identifier)) {
-        form_set_error('current_pass', format_plural($user_pass_reset_user_limit, 'Sorry, you have entered incorrect password more than once. Changes to fields that require current password are temporarily blocked. Try again later.', 'Sorry, you have entered incorrect password more than @count times. Changes to fields that require current password are temporarily blocked. Try again later.'));
+      $pass_reset_window = $flood_config->get('flood_user_window', 21600);
+      $pass_reset_limit = $flood_config->get('flood_user_limit', 5);
+      if (!flood_is_allowed('failed_pass_validation_user', $pass_reset_limit, $pass_reset_window, $identifier)) {
+        form_set_error('current_pass',
+          format_plural($pass_reset_limit,
+            'Sorry, you have entered the incorrect password more than once. Changes to fields that require current password are temporarily blocked. Try again later.',
+            'Sorry, you have entered the incorrect password more than @count times. Changes to fields that require current password are temporarily blocked. Try again later.'
+          ));
         break;
       }
 
       require_once BACKDROP_ROOT . '/' . settings_get('password_inc', 'core/includes/password.inc');
-      $current_pass_failed = strlen(trim($form_state['values']['current_pass'])) === 0 || !user_check_password($form_state['values']['current_pass'], $account);
+      $trim_pass_len = strlen(trim($form_state['values']['current_pass']));
+      $current_pass_failed = $trim_pass_len === 0 || !user_check_password($form_state['values']['current_pass'], $account);
       if ($current_pass_failed) {
         form_set_error('current_pass', t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => $name)));
         form_set_error($key);
 
         // Register failed password validation flood event based on the uid, if
         // the password was entered.
-        if (strlen(trim($form_state['values']['current_pass'])) > 0) {
-          flood_register_event('failed_pass_validation_user', $user_pass_reset_user_window, $identifier);
+        if ($trim_pass_len > 0) {
+          flood_register_event('failed_pass_validation_user', $pass_reset_window, $identifier);
         }
       }
       // We only need to check the password once.