From 45bd454e268409e68db3d28722ea87c1f9c57508 Mon Sep 17 00:00:00 2001
From: dgtlmoon <dgtlmoon@gmail.com>
Date: Mon, 21 Jun 2021 22:12:47 +1000
Subject: [PATCH] Be sure not to use blank passwords as the password

---
 backend/__init__.py | 5 ++++-
 backend/forms.py    | 9 +++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/backend/__init__.py b/backend/__init__.py
index 220a1aa7789..3e57dc0a5a1 100644
--- a/backend/__init__.py
+++ b/backend/__init__.py
@@ -483,7 +483,10 @@ def settings_page():
                 flash("Password protection enabled.", 'notice')
                 flask_login.logout_user()
                 return redirect(url_for('index'))
-
+            else:
+                # Unset it anyway, just to be sure.
+                datastore.data['settings']['application']['password'] = False
+                
             flash("Settings updated.")
 
         if request.method == 'POST' and not form.validate():
diff --git a/backend/forms.py b/backend/forms.py
index 615b834f75f..681d35455ef 100644
--- a/backend/forms.py
+++ b/backend/forms.py
@@ -46,11 +46,12 @@ def build_password(self, password):
     # incoming
     def process_formdata(self, valuelist):
         if valuelist:
-            # Remove empty strings
-            self.encrypted_password = self.build_password(valuelist[0])
-            self.data = []
+            # Be really sure it's non-zero in length
+            if len(valuelist[0].strip()) > 0:
+                self.encrypted_password = self.build_password(valuelist[0])
+                self.data = ""
         else:
-            self.data = []
+            self.data = False
 
 
 # Separated by  key:value