From 3efe98787c352f31213ed608ce188a9fcec9f140 Mon Sep 17 00:00:00 2001 From: Johan Cwiklinski Date: Sat, 22 Aug 2020 09:30:35 +0200 Subject: [PATCH] Ensure self subscription captcha is not inspected as a password; closes #1478 --- galette/lib/Galette/Controllers/Crud/MembersController.php | 7 +++++-- galette/lib/Galette/Entity/FieldsConfig.php | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/galette/lib/Galette/Controllers/Crud/MembersController.php b/galette/lib/Galette/Controllers/Crud/MembersController.php index 43df6eb73..b1b2510d3 100644 --- a/galette/lib/Galette/Controllers/Crud/MembersController.php +++ b/galette/lib/Galette/Controllers/Crud/MembersController.php @@ -1506,6 +1506,9 @@ class MembersController extends CrudController || !crypt($post['mdp_adh'], $post['mdp_crypt']) == $post['mdp_crypt'] ) { $error_detected[] = __('Please repeat in the field the password shown in the image.'); + } else { + unset($post['mdp_adh']); + unset($post['mdp_crypt']); } } @@ -1533,8 +1536,8 @@ class MembersController extends CrudController // flagging required fields $fc = $this->fields_config; - // password required if we create a new member - if ($member->id != '') { + // password required if we create a new member but not from self subscription + if ($member->id != '' || isset($args['self'])) { $fc->setNotRequired('mdp_adh'); } diff --git a/galette/lib/Galette/Entity/FieldsConfig.php b/galette/lib/Galette/Entity/FieldsConfig.php index 29e43069a..f22469e95 100644 --- a/galette/lib/Galette/Entity/FieldsConfig.php +++ b/galette/lib/Galette/Entity/FieldsConfig.php @@ -573,7 +573,7 @@ class FieldsConfig if ($selfs === true) { //email, login and password are always required for self subscription - $srequireds = ['email_adh', 'mdp_adh', 'login_adh']; + $srequireds = ['email_adh', 'login_adh']; if (in_array($o->field_id, $srequireds)) { $o->required = true; } -- 2.39.2