Index: openacs-4/packages/acs-subsite/lib/user-new.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/lib/user-new.tcl,v diff -u -r1.23.2.1 -r1.23.2.2 --- openacs-4/packages/acs-subsite/lib/user-new.tcl 28 Nov 2019 11:06:31 -0000 1.23.2.1 +++ openacs-4/packages/acs-subsite/lib/user-new.tcl 28 Nov 2019 12:10:03 -0000 1.23.2.2 @@ -189,9 +189,15 @@ # as well. # security::set_client_property_password $password - ad_returnredirect [export_vars -base $next_url { - user_id {account_message $creation_info(account_message)} - }] + if {$::acs::pass_password_as_query_variable} { + ad_returnredirect [export_vars -base $next_url { + user_id password {account_message $creation_info(account_message)} + }] + } else { + ad_returnredirect [export_vars -base $next_url { + user_id {account_message $creation_info(account_message)} + }] + } ad_script_abort } Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -r1.126.2.23 -r1.126.2.24 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 28 Nov 2019 11:06:31 -0000 1.126.2.23 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 28 Nov 2019 12:10:03 -0000 1.126.2.24 @@ -1837,6 +1837,15 @@ util_memoize_seed [list sec_lookup_property $session_id $module $name] [list $value $secure] } + +# +# Provide a global variable for devopers to activate/deactivate +# client_property_password in case a site has good reasons not to +# using the client property (e.g. site specific code). This is meant +# to be transitional code. +# +set ::acs::pass_password_as_query_variable 0 + ad_proc -public security::set_client_property_password {password} { Convenience function for remembering user password as client property @@ -1846,6 +1855,7 @@ } { ad_set_client_property -persistent f acs-admin user-password $password } + ad_proc -public security::get_client_property_password {password} { Convenience function for retrieving user password from client property Index: openacs-4/packages/dotlrn/www/user-add-2.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/user-add-2.tcl,v diff -u -r1.18.2.1 -r1.18.2.2 --- openacs-4/packages/dotlrn/www/user-add-2.tcl 28 Nov 2019 11:06:32 -0000 1.18.2.1 +++ openacs-4/packages/dotlrn/www/user-add-2.tcl 28 Nov 2019 12:10:03 -0000 1.18.2.2 @@ -71,9 +71,19 @@ if {[info exists password]} { security::set_client_property_password $password } -set redirect [export_vars -base user-add-2 { - user_id referer type can_browse_p read_private_data_p dotlrn_interactive_p add_membership_p -}] +if {$::acs::pass_password_as_query_variable} { + set redirect [export_vars -base user-add-2 { + user_id password referer type can_browse_p read_private_data_p + dotlrn_interactive_p add_membership_p + }] +} else { + set redirect [export_vars -base user-add-2 { + user_id referer type can_browse_p read_private_data_p + dotlrn_interactive_p add_membership_p + }] +} + + if { $add_membership_p == "t" && $referer eq "/acs-admin/users" } { set redirect "one-community-admin" } else {