diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-03-12 05:20:29 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-03-12 05:20:29 +0000 |
| commit | 5d0cacf825af83aba0e00ed8ff9421b4e5714f0c (patch) | |
| tree | cf5eed859c5f7b62fef6997d1ab3ff506e268cc8 | |
| parent | aaf9a83db6c30255a685ffbc2420da7791dcab7a (diff) | |
| download | brdo-5d0cacf825af83aba0e00ed8ff9421b4e5714f0c.tar.gz brdo-5d0cacf825af83aba0e00ed8ff9421b4e5714f0c.tar.bz2 | |
#86299 follow-up by coltrane and clojel: Stop users' passwords from being stored in users.data in plain-text. Ouch.
| -rw-r--r-- | modules/user/user.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/user/user.module b/modules/user/user.module index aaa9fd3b6..0c17eaa45 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -391,7 +391,7 @@ function user_save($account, $edit = array(), $category = 'account') { // Form fields that don't pertain to the users, user_roles, or // Field API are automatically serialized into the users.data // column. - if (!in_array($key, array('roles', 'is_new')) && empty($user_fields[$key]) && empty($field_names[$key])) { + if (!in_array($key, array('roles', 'is_new', 'current_pass_required_values', 'current_pass')) && empty($user_fields[$key]) && empty($field_names[$key])) { if ($value === NULL) { unset($data[$key]); } |