From 6466241cbb06471c185ecc06ef37de1d1099020b Mon Sep 17 00:00:00 2001
From: Andy Miller <rhuk@mac.com>
Date: Tue, 18 Aug 2015 19:07:34 -0600
Subject: [PATCH] unset plaintext pw and hash on user save

---
 system/src/Grav/Common/User/User.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/system/src/Grav/Common/User/User.php b/system/src/Grav/Common/User/User.php
index 9c7e0d324..0bf86055a 100644
--- a/system/src/Grav/Common/User/User.php
+++ b/system/src/Grav/Common/User/User.php
@@ -98,6 +98,12 @@ class User extends Data
     {
         $file = $this->file();
         if ($file) {
+            // if plain text password, hash it and remove plain text
+            if ($this->password) {
+                $this->hashed_password = Authentication::create($this->password);
+                unset($this->password);
+            }
+
             $username = $this->get('username');
             unset($this->username);
             $file->save($this->items);