From 579507e7f728a070629649aad07e4e1c8fb7510a Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 4 Jan 2018 11:00:35 -0300 Subject: [PATCH] Bug 19911: Do not escape html characters when saving passwords When the password is not generated automatically, we should not escape the html characters. Otherwise it will be changed without any warnings. Signed-off-by: Arturo Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart --- opac/opac-memberentry.pl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index 9ec5005d02..12eebbb813 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -441,10 +441,15 @@ sub ParseCgiForBorrower { my $scrubber = C4::Scrubber->new(); my %borrower; - foreach ( $cgi->param ) { - if ( $_ =~ '^borrower_' ) { - my ($key) = substr( $_, 9 ); - $borrower{$key} = $scrubber->scrub( scalar $cgi->param($_) ); + foreach my $field ( $cgi->param ) { + if ( $field =~ '^borrower_' ) { + my ($key) = substr( $field, 9 ); + if ( $field !~ '^borrower_password' ) { + $borrower{$key} = $scrubber->scrub( scalar $cgi->param($field) ); + } else { + # Allow html characters for passwords + $borrower{$key} = $cgi->param($field); + } } } -- 2.39.5