From 74aeb9dcc7b5dd67a61c5cfd1f20443a0dd987ae Mon Sep 17 00:00:00 2001
From: Tijn Kuyper <github@tijnkuyper.nl>
Date: Mon, 4 Nov 2019 18:38:00 +0100
Subject: [PATCH] #4004 - Fix for password filter in /usersettings.php

---
 usersettings.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/usersettings.php b/usersettings.php
index eb0d44413..5f55e51e1 100644
--- a/usersettings.php
+++ b/usersettings.php
@@ -348,13 +348,23 @@ class usersettings_front // Begin Usersettings rewrite.
 
 		if (!empty($_POST['updatesettings']))
 		{
-			$ueVals = $_POST['ue'];
-
+			// Do not filter these values (saving)
+			$ueVals   	= $_POST['ue'];
+			$passtemp1 	= $_POST['password1'];
+			$passtemp2  = $_POST['password2'];
+			
+			// Filter the others
 			$_POST = e107::getParser()->filter($_POST);
+			
+			// Pass the original values back (restoring)
+			$_POST['ue'] 		= $ueVals;
+			$_POST['password1']	= $passtemp1;
+			$_POST['password2']	= $passtemp2; 
 
-			$_POST['ue'] = $ueVals;
-
+			// Unset temporary vars
 			unset($ueVals);
+			unset($passtemp1);
+			unset($passtemp2);
 
 			if (!vartrue($pref['auth_method']))
 			{