[Patches] [PATCH] [SIGNED-OFF] Bug 6854: Correct a double password encryption

koha-patchbot at kohaaloha.com koha-patchbot at kohaaloha.com
Fri Nov 4 19:52:19 NZDT 2011


From: =?UTF-8?q?Fr=C3=A9d=C3=A9rick=20Capovilla?= <frederick.capovilla at sys-tech.net>
Date: Wed, 7 Sep 2011 14:15:35 -0400
Subject: [PATCH] [SIGNED-OFF] Bug 6854: Correct a double password encryption
 problem in import_borrowers.pl

When the CSV file has no password column and no default value was set for
the password :
If we try to modify an existing user, the password from the BD is sent
to ModMember, which then encrypts the already-encrypted password a
second time.

http://bugs.koha-community.org/show_bug.cgi?id=6854

Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Confirmed bug on current master.
1) Import new patron with password provided
> OPAC login works
2) Overwrite patron record, password provided
> OPAC login works
3) Overwrite patron record, password not provided
Before patch: OPAC login broken, password in database changed
After patch: OPC login works with same password as before
---
 tools/import_borrowers.pl |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/tools/import_borrowers.pl b/tools/import_borrowers.pl
index 74a5889..a7e9142 100755
--- a/tools/import_borrowers.pl
+++ b/tools/import_borrowers.pl
@@ -243,6 +243,10 @@ if ( $uploadborrowers && length($uploadborrowers) > 0 ) {
             for my $col (keys %borrower) {
                 # use values from extant patron unless our csv file includes this column or we provided a default.
                 # FIXME : You cannot update a field with a  perl-evaluated false value using the defaults.
+
+                # The password is always encrypted, skip it!
+                next if $col eq 'password';
+
                 unless(exists($csvkeycol{$col}) || $defaults{$col}) {
                     $borrower{$col} = $member->{$col} if($member->{$col}) ;
                 }
-- 
1.7.5.4


More information about the Patches mailing list