diff --git a/doc/CHANGES.txt b/doc/CHANGES.txt index 35d78bf001e1efdf3681ce5bcfe874f2b2d43a54..303744e396c4d07cd83864ef0a7d7ab802722524 100755 --- a/doc/CHANGES.txt +++ b/doc/CHANGES.txt @@ -13,6 +13,9 @@ Zope Changes modified in versions without this fix will have been corrupted in the zodb. + - Collector #256: Added a check in _doChangeUser to make sure + passwords isn't encrypted twice. + Zope 2.6.1 beta 1 diff --git a/lib/python/AccessControl/User.py b/lib/python/AccessControl/User.py index 2fe810d493041adb2f498a6b655a2a92353c19dc..08772a4ef8e53d506da6a96626351c23744cb46b 100644 --- a/lib/python/AccessControl/User.py +++ b/lib/python/AccessControl/User.py @@ -12,7 +12,7 @@ ############################################################################## """Access control package""" -__version__='$Revision: 1.172 $'[11:-2] +__version__='$Revision: 1.173 $'[11:-2] import Globals, socket, SpecialUsers,re import os @@ -1034,7 +1034,7 @@ class UserFolder(BasicUserFolder): def _doChangeUser(self, name, password, roles, domains, **kw): user=self.data[name] if password is not None: - if self.encrypt_passwords: + if self.encrypt_passwords and not self._isPasswordEncrypted(pw): password = self._encryptPassword(password) user.__=password user.roles=roles