From 328467f1b571f0d9e03bd27222e06e3da5d5042e Mon Sep 17 00:00:00 2001
From: Hamish Friedlander <hamish@silverstripe.com>
Date: Thu, 20 Jun 2013 14:08:46 +1200
Subject: [PATCH] FIX: ConfirmedPasswordField used to expose existing hash

---
 forms/ConfirmedPasswordField.php           |  5 ++++-
 tests/forms/ConfirmedPasswordFieldTest.php | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/forms/ConfirmedPasswordField.php b/forms/ConfirmedPasswordField.php
index 58e2681a4..3f683e5bb 100644
--- a/forms/ConfirmedPasswordField.php
+++ b/forms/ConfirmedPasswordField.php
@@ -239,7 +239,10 @@ class ConfirmedPasswordField extends FormField {
 	 *
 	 * @return ConfirmedPasswordField
 	 */
-	public function setValue($value) {
+	public function setValue($value, $data = null) {
+		// If $data is a DataObject, don't use the value, since it's a hashed value
+		if ($data && $data instanceof DataObject) $value = '';
+
 		if(is_array($value)) {
 			if($value['_Password'] || (!$value['_Password'] && !$this->canBeEmpty)) {
 				$this->value = $value['_Password'];
diff --git a/tests/forms/ConfirmedPasswordFieldTest.php b/tests/forms/ConfirmedPasswordFieldTest.php
index 4f7bfc213..abe8a9794 100644
--- a/tests/forms/ConfirmedPasswordFieldTest.php
+++ b/tests/forms/ConfirmedPasswordFieldTest.php
@@ -15,6 +15,26 @@ class ConfirmedPasswordFieldTest extends SapphireTest {
 		$this->assertEquals('valueB', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
 	}
 
+	public function testHashHidden() {
+		$field = new ConfirmedPasswordField('Password', 'Password', 'valueA');
+		$field->setCanBeEmpty(true);
+
+		$this->assertEquals('valueA', $field->Value());
+		$this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
+		$this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
+
+		$member = new Member();
+		$member->Password = "valueB";
+		$member->write();
+
+		$form = new Form($this, 'Form', new FieldList($field), new FieldList());
+		$form->loadDataFrom($member);
+
+		$this->assertEquals('', $field->Value());
+		$this->assertEquals('', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
+		$this->assertEquals('', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
+	}
+
 	public function testSetShowOnClick() {
 		//hide by default and display show/hide toggle button
 		$field = new ConfirmedPasswordField('Test', 'Testing', 'valueA', null, true);