Brage Change Management / Bugs / #13 Blank "password" column causes user creation to fail in http mode

#13 Blank "password" column causes user creation to fail in http mode

Milestone: v0.1.0-RC1

Status: open

Owner: nobody

Labels: None

Priority: 7

Updated: 2014-10-13

Created: 2014-10-13

Creator: Dan Fuhry

Private: No

When creating a new account on Brage-CM installations using HTTP authentication ($conf['authtype'] = 'http'), the password field is disabled in the form. This means browsers do not send the element's value via POST. However, because of faulty logic in the POST processing code, the field is never populated at all and this yields a syntactically invalid SQL query.

The faulty logic is:

if ( !empty($arr_post['password1']) ){
    $arr_records['password']    = do_quote(md5($arr_post['password1']));
}

The attached patch will resolve the issue. I will upload a complete version of admin_user in a comment.

1 Attachments

brage-svnr579-user-create-sso.patch

Discussion

Dan Fuhry - 2014-10-13

admin_user.php fixed version.

admin_user.php

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Blank "password" column causes user creation to fail in http mode

Group

Searches

Help

#13 Blank "password" column causes user creation to fail in http mode

Discussion