Allow nulling a password
authorTim Düsterhus <duesterhus@woltlab.com>
Tue, 14 Jun 2016 20:03:51 +0000 (22:03 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 29 Jul 2016 20:47:22 +0000 (22:47 +0200)
wcfsetup/install/files/lib/data/user/UserEditor.class.php

index 92415beb85e32a1e64a547c107cf2281505ffa08..b8b11f7cb76eb0134a1160bac0892775d7240005 100644 (file)
@@ -71,8 +71,13 @@ class UserEditor extends DatabaseObjectEditor implements IEditableCachedObject {
         */
        public function update(array $parameters = []) {
                // update salt and create new password hash
-               if (isset($parameters['password']) && $parameters['password'] !== '') {
-                       $parameters['password'] = PasswordUtil::getDoubleSaltedHash($parameters['password']);
+               if (array_key_exists('password', $parameters) && $parameters['password'] !== '') {
+                       if ($parameters['password'] === null) {
+                               $parameters['password'] = 'invalid:';
+                       }
+                       else {
+                               $parameters['password'] = PasswordUtil::getDoubleSaltedHash($parameters['password']);
+                       }
                        $parameters['accessToken'] = StringUtil::getRandomID();
                        
                        // update accessToken