diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-04-18 20:22:54 -0700 |
commit | 8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch) | |
tree | 98ec37f919182a4c0c582752614443ea4d648ca1 /engine/lib | |
parent | f2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff) | |
download | elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2 |
Fixes #1301. Not filtering passwords.
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php | 11 | ||||
-rw-r--r-- | engine/lib/user_settings.php | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php new file mode 100644 index 000000000..b82ffbebf --- /dev/null +++ b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php @@ -0,0 +1,11 @@ +<?php +/** + * Elgg 1.8.3 upgrade 2012041800 + * dont_filter_passwords + * + * Add admin notice that password handling has changed and if + * users can't login to have them reset their passwords. + */ +elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. ' + . 'This change may prevent a small number of users from logging in with their existing passwords. ' + . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.'); diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php index af30d8f0d..e4069fb53 100644 --- a/engine/lib/user_settings.php +++ b/engine/lib/user_settings.php @@ -33,9 +33,9 @@ function users_settings_save() { * @access private */ function elgg_set_user_password() { - $current_password = get_input('current_password'); - $password = get_input('password'); - $password2 = get_input('password2'); + $current_password = get_input('current_password', null, false); + $password = get_input('password', null, false); + $password2 = get_input('password2', null, false); $user_guid = get_input('guid'); if (!$user_guid) { |