BUGFIX Keep Member.PasswordEncryption setting on empty passwords

This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).

security/Security.php

@@ -835,18 +835,9 @@ class Security extends Controller {
 	 * @see encrypt_passwords()
 	 * @see set_password_encryption_algorithm()
 	 */
-	static function encrypt_password($password, $salt = null, $algorithm = null, $member = null) {
-		if(
-			// if the password is empty, don't encrypt
-			strlen(trim($password)) == 0  
-			// if no algorithm is provided and no default is set, don't encrypt
-			|| (!$algorithm && self::$encryptPasswords == false)
-		) {
-			$algorithm = 'none';
-		} else {
+	public static function encrypt_password($password, $salt = null, $algorithm = null, $member = null) {
 		// Fall back to the default encryption algorithm
 		if(!$algorithm) $algorithm = self::$encryptionAlgorithm;
-		} 
 		
 		$e = PasswordEncryptor::create_for_algorithm($algorithm);
 
@@ -929,5 +920,5 @@ class Security extends Controller {
 		return self::$default_login_dest;
 	}
 
-}
+	}
 ?>

tests/security/MemberTest.php

@@ -115,6 +115,23 @@ class MemberTest extends FunctionalTest {
 		Security::set_password_encryption_algorithm($origAlgo);
 	}
 
+	public function testKeepsEncryptionOnEmptyPasswords() {
+		$member = new Member();
+		$member->Password = 'mypassword';
+		$member->PasswordEncryption = 'sha1_v2.4';
+		$member->write();
+		
+		$member->Password = '';
+		$member->write();
+		
+		$this->assertEquals(
+			$member->PasswordEncryption, 
+			'sha1_v2.4'
+		);
+		$result = $member->checkPassword('');
+		$this->assertTrue($result->valid());
+	}
+	
 	function testSetPassword() {
 		$member = $this->objFromFixture('Member', 'test');
 		$member->Password = "test1";