@@ -74,6 +74,8 @@ class User < ActiveRecord::Base # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password) + # Make sure no one can sign in with an empty password + return nil if password.to_s.empty? user = find(:first, :conditions => ["login=?", login]) if user # user is already in local database app/models/user.rb abaeecbaa9539e2497a34b7391799a81c3d0b29b Jean-Philippe Lang jp_lang@yahoo.fr http://github.com/edavis10/redmine/commit/a677817003fc065a3a6362c429ffe1a611067e49 a677817003fc065a3a6362c429ffe1a611067e49 2008-03-12T10:57:46-07:00 2008-03-12T10:57:46-07:00 Merged r1231 from trunk. git-svn-id: http://redmine.rubyforge.org/svn/branches/0.6-stable@1232 e93f8b46-1217-0410-a6f0-8f06a7374b81 9ebeb713b2ef06c31733fdbb9cff55f963740f0c Jean-Philippe Lang jp_lang@yahoo.fr