From 0f83ac98c753efbae7e33619be717327a820f2e1 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 31 Jan 2019 16:30:25 -0300 Subject: [PATCH] Bug 22253: Check we actually need to update the password This patch makes memberentry.pl check if password needs to be updated before attempting to call set_password. Above this there's a check that won't raise any errors if no password is passed, or the default string (****) is received. So we could reach that line of code with no password, but the code wouldn't check that. To test: - In master, edit any patron without changing the password => FAIL: It raises an exception - Apply this patch - Edit the patron withtout changing the password => SUCCESS: Edit successful - Edit the patron, changing the password - Try to login with the new password => SUCCESS: The password got changed correctly - Sigh off :-D Signed-off-by: Owen Leonard Signed-off-by: Josef Moravec Signed-off-by: Nick Clemens --- members/memberentry.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/members/memberentry.pl b/members/memberentry.pl index 788f76ce13..031a8e1314 100755 --- a/members/memberentry.pl +++ b/members/memberentry.pl @@ -536,7 +536,10 @@ if ((!$nok) and $nodouble and ($op eq 'insert' or $op eq 'save')){ # patron attributes or messaging preferences sections # should never raise an exception as password validity is checked above - $patron->set_password({ password => $newdata{password} }); + my $password = $newdata{password}; + if ( $password and $password ne '****' ) { + $patron->set_password({ password => $password }); + } if (C4::Context->preference('ExtendedPatronAttributes') and $input->param('setting_extended_patron_attributes')) { C4::Members::Attributes::SetBorrowerAttributes($borrowernumber, $extended_patron_attributes); -- 2.39.5