From c21b89bef7accdbadd51f28f3005d44c8c3b5cea Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 14 Jun 2016 22:03:51 +0200 Subject: [PATCH] Allow nulling a password --- .../install/files/lib/data/user/UserEditor.class.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/wcfsetup/install/files/lib/data/user/UserEditor.class.php b/wcfsetup/install/files/lib/data/user/UserEditor.class.php index 92415beb85..b8b11f7cb7 100644 --- a/wcfsetup/install/files/lib/data/user/UserEditor.class.php +++ b/wcfsetup/install/files/lib/data/user/UserEditor.class.php @@ -71,8 +71,13 @@ class UserEditor extends DatabaseObjectEditor implements IEditableCachedObject { */ public function update(array $parameters = []) { // update salt and create new password hash - if (isset($parameters['password']) && $parameters['password'] !== '') { - $parameters['password'] = PasswordUtil::getDoubleSaltedHash($parameters['password']); + if (array_key_exists('password', $parameters) && $parameters['password'] !== '') { + if ($parameters['password'] === null) { + $parameters['password'] = 'invalid:'; + } + else { + $parameters['password'] = PasswordUtil::getDoubleSaltedHash($parameters['password']); + } $parameters['accessToken'] = StringUtil::getRandomID(); // update accessToken -- 2.20.1