Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#86299 follow-up by coltrane and clojel: Stop users' passwords from being stored in users.data in plain-text. Ouch.

merge-requests/26/head
Angie Byron 2010-03-12 05:20:29 +00:00
parent aaf9a83db6
commit 5d0cacf825
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/user/user.module
View File

@ -391,7 +391,7 @@ function user_save($account, $edit = array(), $category = 'account') {
// Form fields that don't pertain to the users, user_roles, or
// Field API are automatically serialized into the users.data
// column.
if (!in_array($key, array('roles', 'is_new')) && empty($user_fields[$key]) && empty($field_names[$key])) {
if (!in_array($key, array('roles', 'is_new', 'current_pass_required_values', 'current_pass')) && empty($user_fields[$key]) && empty($field_names[$key])) {
if ($value === NULL) {
unset($data[$key]);
}