aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2012-04-18 20:22:54 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-04-18 20:22:54 -0700
commit8aad9f081b9fd83f8cd8358547234fbdcdaf9611 (patch)
tree98ec37f919182a4c0c582752614443ea4d648ca1 /engine/lib
parentf2a80038cddec5ed86b3dd9edb31cf07e3376de8 (diff)
downloadelgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.gz
elgg-8aad9f081b9fd83f8cd8358547234fbdcdaf9611.tar.bz2
Fixes #1301. Not filtering passwords.
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php11
-rw-r--r--engine/lib/user_settings.php6
2 files changed, 14 insertions, 3 deletions
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
new file mode 100644
index 000000000..b82ffbebf
--- /dev/null
+++ b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041800
+ * dont_filter_passwords
+ *
+ * Add admin notice that password handling has changed and if
+ * users can't login to have them reset their passwords.
+ */
+elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. '
+ . 'This change may prevent a small number of users from logging in with their existing passwords. '
+ . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.');
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index af30d8f0d..e4069fb53 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -33,9 +33,9 @@ function users_settings_save() {
* @access private
*/
function elgg_set_user_password() {
- $current_password = get_input('current_password');
- $password = get_input('password');
- $password2 = get_input('password2');
+ $current_password = get_input('current_password', null, false);
+ $password = get_input('password', null, false);
+ $password2 = get_input('password2', null, false);
$user_guid = get_input('guid');
if (!$user_guid) {