Index: openacs-4/packages/acs-subsite/lib/user-new.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/lib/user-new.tcl,v
diff -u -N -r1.23.2.1 -r1.23.2.2
--- openacs-4/packages/acs-subsite/lib/user-new.tcl	28 Nov 2019 11:06:31 -0000	1.23.2.1
+++ openacs-4/packages/acs-subsite/lib/user-new.tcl	28 Nov 2019 12:10:03 -0000	1.23.2.2
@@ -189,9 +189,15 @@
         # as well.
         #
         security::set_client_property_password $password
-        ad_returnredirect [export_vars -base $next_url {
-            user_id {account_message $creation_info(account_message)}
-        }]
+        if {$::acs::pass_password_as_query_variable} {
+            ad_returnredirect [export_vars -base $next_url {
+                user_id password {account_message $creation_info(account_message)}
+            }]
+        } else {
+            ad_returnredirect [export_vars -base $next_url {
+                user_id {account_message $creation_info(account_message)}
+            }]
+        }
         ad_script_abort
     }
 
Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -N -r1.126.2.23 -r1.126.2.24
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	28 Nov 2019 11:06:31 -0000	1.126.2.23
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	28 Nov 2019 12:10:03 -0000	1.126.2.24
@@ -1837,6 +1837,15 @@
     util_memoize_seed [list sec_lookup_property $session_id $module $name] [list $value $secure]
 }
 
+
+#
+# Provide a global variable for devopers to activate/deactivate
+# client_property_password in case a site has good reasons not to
+# using the client property (e.g. site specific code). This is meant
+# to be transitional code.
+#
+set ::acs::pass_password_as_query_variable 0
+
 ad_proc -public security::set_client_property_password {password} {
     
     Convenience function for remembering user password as client property
@@ -1846,6 +1855,7 @@
 } {
     ad_set_client_property -persistent f acs-admin user-password $password
 }
+
 ad_proc -public security::get_client_property_password {password} {
     
     Convenience function for retrieving user password from client property
Index: openacs-4/packages/dotlrn/www/user-add-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/user-add-2.tcl,v
diff -u -N -r1.18.2.1 -r1.18.2.2
--- openacs-4/packages/dotlrn/www/user-add-2.tcl	28 Nov 2019 11:06:32 -0000	1.18.2.1
+++ openacs-4/packages/dotlrn/www/user-add-2.tcl	28 Nov 2019 12:10:03 -0000	1.18.2.2
@@ -71,9 +71,19 @@
 if {[info exists password]} {
     security::set_client_property_password $password
 }
-set redirect [export_vars -base user-add-2 {
-    user_id referer type can_browse_p read_private_data_p dotlrn_interactive_p add_membership_p
-}]
+if {$::acs::pass_password_as_query_variable} {
+    set redirect [export_vars -base user-add-2 {
+        user_id password referer type can_browse_p read_private_data_p
+        dotlrn_interactive_p add_membership_p
+    }]
+} else {
+    set redirect [export_vars -base user-add-2 {
+        user_id referer type can_browse_p read_private_data_p
+        dotlrn_interactive_p add_membership_p
+    }]    
+}
+
+
 if { $add_membership_p == "t" && $referer eq "/acs-admin/users" } {
     set redirect "one-community-admin"
 } else {