From 47d009e96fa87950219e970f0170d1a247e7e488 Mon Sep 17 00:00:00 2001
From: Janis Steiner <janis.st44@gmail.com>
Date: Tue, 31 Dec 2024 11:29:30 +0100
Subject: [PATCH] fixing a bug where password update failed because of
 htmlspecialchars

---
 app-code/api/account/update_pw.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-code/api/account/update_pw.php b/app-code/api/account/update_pw.php
index 3e50789..1733244 100644
--- a/app-code/api/account/update_pw.php
+++ b/app-code/api/account/update_pw.php
@@ -40,8 +40,8 @@ if (isset($data->old_password) && isset($data->new_password)) {
     $user_id = $_SESSION['id']; // Assuming user_id is stored in session
 
     // Sanitize inputs
-    $old_password = htmlspecialchars($data->old_password);
-    $new_password = htmlspecialchars($data->new_password);
+    $old_password = $data->old_password;
+    $new_password = $data->new_password;
     
     // Check password strength (optional but recommended)
     if (strlen($new_password) < 12) {