From 2c75b730d8e628899981dbc464d7f1811b779aaa Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 22 Sep 2016 11:41:34 +0200
Subject: [PATCH] Added check for empty passwords on update of MySQL users.

---
 server/plugins-available/mysql_clientdb_plugin.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 8d73978d04..4ff13a089d 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -142,8 +142,10 @@ class mysql_clientdb_plugin {
 			} elseif($action == 'PASSWORD') {
 				//if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;
 				// SET PASSWORD for already hashed passwords is not supported by latest MySQL 5.7 anymore, so we set it directly
-				if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
-				if($success == true) $link->query("FLUSH PRIVILEGES");
+				if(trim($database_password) != '') {
+					if(!$link->query("UPDATE mysql.user SET `Password` = '".$link->escape_string($database_password)."' WHERE `Host` = '".$db_host."' AND `User` = '".$link->escape_string($database_user)."'")) $success = false;
+					if($success == true) $link->query("FLUSH PRIVILEGES");
+				}
 			}
 		}
 
-- 
GitLab