From 2a6f1f1949956b4c91c5b7925707f29653dc1033 Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@users.noreply.github.com>
Date: Mon, 21 Oct 2013 20:31:40 +0100
Subject: [PATCH] FIX #2496 `ConfirmedPasswordField` mismatch passwords saved

Fixes #2496

Also fixes another issue where 'Password' is hard coded as field name in `validate()`
---
 forms/ConfirmedPasswordField.php | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/forms/ConfirmedPasswordField.php b/forms/ConfirmedPasswordField.php
index 25498fe4b..35ee2224a 100644
--- a/forms/ConfirmedPasswordField.php
+++ b/forms/ConfirmedPasswordField.php
@@ -243,8 +243,12 @@ class ConfirmedPasswordField extends FormField {
 		// If $data is a DataObject, don't use the value, since it's a hashed value
 		if ($data && $data instanceof DataObject) $value = '';
 
+		//store this for later
+		$oldValue = $this->value;
+
 		if(is_array($value)) {
-			if($value['_Password'] || (!$value['_Password'] && !$this->canBeEmpty)) {
+			//only set the value if it's valid!
+			if($this->validate(RequiredFields::create())) {
 				$this->value = $value['_Password'];
 			}
 
@@ -258,11 +262,14 @@ class ConfirmedPasswordField extends FormField {
 			}
 		}
 
-		$this->children->fieldByName($this->getName() . '[_Password]')
-			->setValue($this->value);
+		//looking up field by name is expensive, so lets check it needs to change
+		if ($oldValue != $this->value) {
+			$this->children->fieldByName($this->getName() . '[_Password]')
+				->setValue($this->value);
 
-		$this->children->fieldByName($this->getName() . '[_ConfirmPassword]')
-			->setValue($this->value);
+			$this->children->fieldByName($this->getName() . '[_ConfirmPassword]')
+				->setValue($this->value);
+		}
 
 		return $this;
 	}
@@ -351,7 +358,9 @@ class ConfirmedPasswordField extends FormField {
 			}
 			$limitRegex = '/^.' . $limit . '$/';
 			if(!empty($value) && !preg_match($limitRegex,$value)) {
-				$validator->validationError('Password', $errorMsg, 
+				$validator->validationError(
+					$name,
+					$errorMsg,
 					"validation", 
 					false
 				);
@@ -361,7 +370,7 @@ class ConfirmedPasswordField extends FormField {
 		if($this->requireStrongPassword) {
 			if(!preg_match('/^(([a-zA-Z]+\d+)|(\d+[a-zA-Z]+))[a-zA-Z0-9]*$/',$value)) {
 				$validator->validationError(
-					'Password', 
+					$name,
 					_t('Form.VALIDATIONSTRONGPASSWORD',
 						"Passwords must have at least one digit and one alphanumeric character"), 
 					"validation",