From c72069b098ae0cd6bb1a662fcdbd28706e9aca45 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 27 Mar 2013 13:45:10 +0400
Subject: [PATCH] pref_users: do not escape password to prevent special
 character mishandling; remove inconsistent trimming of passwords

---
 classes/pref/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/pref/users.php b/classes/pref/users.php
index 4055bca4..45260fd9 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -203,7 +203,7 @@ class Pref_Users extends Handler_Protected {
 			$uid = db_escape_string($this->link, $_REQUEST["id"]);
 			$access_level = (int) $_REQUEST["access_level"];
 			$email = db_escape_string($this->link, trim($_REQUEST["email"]));
-			$password = db_escape_string($this->link, trim($_REQUEST["password"]));
+			$password = $_REQUEST["password"];
 
 			if ($password) {
 				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
-- 
2.39.2