diff options
| author | Oleg Pudeyev <oleg@bsdpower.com> | 2012-10-10 00:03:13 -0400 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2012-10-10 00:03:13 -0400 |
| commit | cc5923ea43f84d584fc4d69ba5302b439e00c828 (patch) | |
| tree | 6201d5ebb611a08c7b77e9c60fadd1060df243b7 /phpBB/includes/auth/auth_db.php | |
| parent | 74e41e79d1a82389da7ea000550ff1100da2059d (diff) | |
| parent | 238fab3bb908013fb0d7c95278b0a2a3b7fa5bae (diff) | |
| download | forums-cc5923ea43f84d584fc4d69ba5302b439e00c828.tar forums-cc5923ea43f84d584fc4d69ba5302b439e00c828.tar.gz forums-cc5923ea43f84d584fc4d69ba5302b439e00c828.tar.bz2 forums-cc5923ea43f84d584fc4d69ba5302b439e00c828.tar.xz forums-cc5923ea43f84d584fc4d69ba5302b439e00c828.zip | |
Merge PR #993 branch 'bantu/ticket/8713' into develop
* bantu/ticket/8713:
[ticket/8713] Update untrimmed_variable() doc block.
[ticket/8713] Revert changes to ucp_profile, ucp_register and acp_users.
[ticket/8713] Trim password in auth_db to keep compatibility.
[ticket/8713] Call htmlspecialchars_decode() on transfer (e.g. ftp) passwords.
[ticket/8713] Rename untrimed_variable() to untrimmed_variable().
[ticket/8713] DRY: variable() and untrimed_variable() into a protected method.
[ticket/8713] Fix type_cast_helper.php doc blocks: Add punctuation etc.
[ticket/8713] Always trim array keys.
[ticket/8713] Add simple (non-nested) test case for untrimmed set_var().
[ticket/8713] Use \t in double quotes instead of tabs.
[ticket/8713] Use correct parameter for nested data.
[ticket/8713] Adjust test method name to other recursive_set_var() tests.
[ticket/8713] Do not trim login inputs
Diffstat (limited to 'phpBB/includes/auth/auth_db.php')
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 76790e4dad..ac944532a5 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -41,6 +41,10 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for global $db, $config; global $request; + // Auth plugins get the password untrimmed. + // For compatibility we trim() here. + $password = trim($password); + // do not allow empty password if (!$password) { |