[Zope-PTK] Old password reset bug is back
Shane Hathaway
shane@digicool.com
Thu, 07 Sep 2000 10:54:47 -0400
Andy Dawkins wrote:
>
> Back in the days of Zope 2.1.6 there was an issue that if you went into a
> user object to change the user's role you had to change the password before
> you could save the changes.
>
> The patch for this, which has made its way into 2.2.1, is that if the password
> field contains the value 'password' and if the confirm field contains the
> value 'confirm' then the password would not be changed.
>
> This works......
> ...except in the PTK
>
> In the PTK if the password field contains 'password' and the confirm field
> contains 'confirm' then the password is changed to None, which is not
> desirable at all.
>
> Basically there is no warning of this until that user tries logging on and
> finds his/her password doesn't work any more.
What acl_users implementation are you using?
Shane
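
The placeholder behaviour described in the quoted report, as an added sketch that is not Zope or PTK code: `User` and `edit_user` are hypothetical names, and only the placeholder strings 'password' and 'confirm' come from the thread. It shows a handler that leaves the stored password alone when both placeholders come back unchanged and refuses to store None or an empty value.

```python
from dataclasses import dataclass, field

# Placeholder values the edit form pre-fills, as described in the thread.
PASSWORD_PLACEHOLDER = "password"
CONFIRM_PLACEHOLDER = "confirm"


@dataclass
class User:  # hypothetical stand-in, not a Zope or PTK class
    name: str
    password: str  # a real user folder would hold a hash, not plaintext
    roles: list = field(default_factory=list)


def edit_user(user, password, confirm, roles):
    """Apply an edit-form submission; return True if the password changed."""
    untouched = (password == PASSWORD_PLACEHOLDER
                 and confirm == CONFIRM_PLACEHOLDER)
    if not untouched:
        # Validate before changing anything, so a bad submission
        # leaves both the roles and the password as they were.
        if not password:
            raise ValueError("password must not be empty or None")
        if password != confirm:
            raise ValueError("password and confirmation do not match")
    user.roles = list(roles)
    if untouched:
        return False  # role-only edit: stored password stays as it is
    user.password = password
    return True
```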