Fix first part of Password handling security issue2550688 (thanks

[roundup.git] / roundup / roundupdb.py

diff --git a/roundup/roundupdb.py b/roundup/roundupdb.py
index fd4e0ba6c33b0e6615d73e5b86f1664af2218cc4..06d3a6018a1c2fcedc8d8d5f656cf8eefa104457 100644 (file)
--- a/roundup/roundupdb.py
+++ b/roundup/roundupdb.py
@@ -103,8 +103,7 @@ class Database:
             elif isinstance(proptype, hyperdb.Interval):
                 props[propname] = date.Interval(value)
             elif isinstance(proptype, hyperdb.Password):
-                props[propname] = password.Password()
-                props[propname].unpack(value)
+                props[propname] = password.Password(encrypted=value)
 
         # tag new user creation with 'admin'
         self.journaltag = 'admin'
@@ -241,7 +240,7 @@ class IssueClass:
                 user or a user who has already seen the message.
                 Also check permissions on the message if not a system
                 message: A user must have view permission on content and
-                files to be on the receiver list. We do *not* check the 
+                files to be on the receiver list. We do *not* check the
                 author etc. for now.
             """
             allowed = True