From: Andrew Dolgov Date: Wed, 27 Mar 2013 09:45:10 +0000 (+0400) Subject: pref_users: do not escape password to prevent special character X-Git-Tag: 1.7.6~248 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=c72069b098ae0cd6bb1a662fcdbd28706e9aca45;p=tt-rss.git pref_users: do not escape password to prevent special character mishandling; remove inconsistent trimming of passwords --- diff --git a/classes/pref/users.php b/classes/pref/users.php index 4055bca4..45260fd9 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -203,7 +203,7 @@ class Pref_Users extends Handler_Protected { $uid = db_escape_string($this->link, $_REQUEST["id"]); $access_level = (int) $_REQUEST["access_level"]; $email = db_escape_string($this->link, trim($_REQUEST["email"])); - $password = db_escape_string($this->link, trim($_REQUEST["password"])); + $password = $_REQUEST["password"]; if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);