[Zope-PTK] Old password reset bug is back

Shane Hathaway shane@digicool.com
Thu, 07 Sep 2000 10:54:47 -0400


Andy Dawkins wrote:
> 
> Back in the days of Zope 2.1.6 there was an issue that if you went into a
> user object to change the user's role you had to change the password before
> you could save the changes.
> 
> The patch for this, which has made its way into 2.2.1, is if the password
> field contains the value 'password' and if the confirm field contains the
> value 'confirm' then the password would not be changed.
> 
> This works......
> ...except in the PTK
> 
> In the PTK if the password field contains 'password' and the confirm field
> contains 'confirm' then the password is changed to None, which is not
> desirable at all.
> 
> Basically there is no warning of this until that user tries logging on and
> finds his/her password doesn't work any more.

What acl_users implementation are you using?

Shane