[Zope-PTK] Old password reset bug is back

Andy Dawkins andyd@nipltd.com
Thu, 7 Sep 2000 15:43:30 +0100


Back in the days of Zope 2.1.6 there was an issue that if you went in to a
user object to change the users role you had to change the password before
you could save the changes.

The patch for this, which has made its way in to 2.2.1, is if the password
field contains the value 'password' and if the confirm field contains the
value 'confirm' then the password would not be changed.

This works......
...except in the PTK

In the PTK if the password field contains 'password' and the confirm field
contain 'confirm' then the password is change to None, which is not
desirable at all.

Basically there is no warning of this until that user tries logging on and
finds his/her password doesn't work any more.

Any chance of a fix?

Cheers.
-Andy