From 24fd9b1e9bde050c7fbb5c24e7686789b5ddf1d3 Mon Sep 17 00:00:00 2001
From: nate <nate@cakephp.org>
Date: Thu, 8 Feb 2007 23:44:58 +0000
Subject: [PATCH] Removing password data from user record access in
 AuthComponent

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4484 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/auth.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
index e581fb9ab..9dbabec30 100644
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -479,7 +479,6 @@ class AuthComponent extends Object {
 			if (empty($data) || empty($data[$this->userModel])) {
 				return null;
 			}
-			return $data[$this->userModel];
 		} else if (is_numeric($user)) {
 			// Assume it's a user's ID
 			$model =& $this->getUserModel();
@@ -488,6 +487,11 @@ class AuthComponent extends Object {
 			if (empty($data) || empty($data[$this->userModel])) {
 				return null;
 			}
+		}
+		if (isset($data) && !empty($data)) {
+			if(!empty($data[$this->userModel][$this->fields['password']])) {
+				unset($data[$this->userModel][$this->fields['password']]);
+			}
 			return $data[$this->userModel];
 		} else {
 			return null;