Plain text passwords in db

I'm not sure if it happens in 4.6.5, but it happens in HEAD.

The attached patch is for HEAD.

Though, the patch doesn't remove 'pass1' and 'pass2' if it was already there. Noit sure, how to fix that.

The patch is totally wrong and I won't waste my time explaining why. Give me some time and I'll submit the correct one.

This patch is trivial :P we need to save the ref to really delete pass1 and pass2. This need lead to some really nice code :D

Wouldn't it be easier to use unset($form_values['pass2']) instead of $form_values['pass2']['ref'] = NULL;

What about those that already have plain passwords in their DBs? It could probably be fixed by unsetting the keys 'pass1' and 'pass2' from the array $data before this loop:
foreach ($array as $key => $value) {

Offtopic: I tried to send you an email via contact form, but it seems emails from this site doesn't work (I didn't get my copy). I just wanted to tell you that you've been a bit rude. I'm not trying to tell anyone how to do anything, just trying to be of some help. Thanks for that.

Much nicer patch. Also corrects password_confirm_after_build to work at any tree level.

Eek! That's another issue's patch.

markus sorry for being rude, I do notice that you are submitting lots of very useful patches and sorry if I were rude, I just wanted to stop a bad commit and as it's 2am I really did not want to explain what's wrong there. Sorry again.

and for those who have plain passwords? Add

$form_values['pass1'] = $form_values['pass2'] = NULL;

to user_edit_submit and remove later.

No problem.

Do you plan to fix the DB of those that have plain passwords in their DBs?

rofl. ok

No. This is a developer version, you should always be prepared to zap your database, or even get your database zapped by Drupal. I will not waste any effort to fix something that's only in developer DBs. Because this was not so in 4.6.

Markus, it seems you are here :) care to review my patch?

killes asked me to set error on both. Well, here you are. Also, it further corrects password_confirm_after_build to work from any part of the tree with using form_error instead of form_set_error.

I still feel that this is validation, and it should be done within a _validate hook.

Validation happens after build by definition, and there's a phase specifically for this reason.

Well. After a long, long debate I decided to move it to #validate but this is a very special case. If you can avoid, then do avoid changing stuff in #validate.

Rerolled and tested.

Committed to HEAD. Thanks.