[Patches] [PATCH] [SIGNED-OFF] Bug 6854: Correct a double password encryption
koha-patchbot at kohaaloha.com
koha-patchbot at kohaaloha.com
Fri Nov 4 19:52:19 NZDT 2011
From: =?UTF-8?q?Fr=C3=A9d=C3=A9rick=20Capovilla?= <frederick.capovilla at sys-tech.net>
Date: Wed, 7 Sep 2011 14:15:35 -0400
Subject: [PATCH] [SIGNED-OFF] Bug 6854: Correct a double password encryption
problem in import_borrowers.pl
When the CSV file has no password column and no default value was set for
the password :
If we try to modify an existing user, the password from the BD is sent
to ModMember, which then encrypts the already-encrypted password a
second time.
http://bugs.koha-community.org/show_bug.cgi?id=6854
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Confirmed bug on current master.
1) Import new patron with password provided
> OPAC login works
2) Overwrite patron record, password provided
> OPAC login works
3) Overwrite patron record, password not provided
Before patch: OPAC login broken, password in database changed
After patch: OPC login works with same password as before
---
tools/import_borrowers.pl | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/tools/import_borrowers.pl b/tools/import_borrowers.pl
index 74a5889..a7e9142 100755
--- a/tools/import_borrowers.pl
+++ b/tools/import_borrowers.pl
@@ -243,6 +243,10 @@ if ( $uploadborrowers && length($uploadborrowers) > 0 ) {
for my $col (keys %borrower) {
# use values from extant patron unless our csv file includes this column or we provided a default.
# FIXME : You cannot update a field with a perl-evaluated false value using the defaults.
+
+ # The password is always encrypted, skip it!
+ next if $col eq 'password';
+
unless(exists($csvkeycol{$col}) || $defaults{$col}) {
$borrower{$col} = $member->{$col} if($member->{$col}) ;
}
--
1.7.5.4
More information about the Patches
mailing list