From 6250a212b39733036959f270c39150e11ad19fb9 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 23 Apr 2024 13:55:55 +0200
Subject: [PATCH] hash password when creating a new user

---
 restapi/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/restapi/index.php b/restapi/index.php
index cd73530e2..4aa2c4de7 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -2056,7 +2056,7 @@ class RestapiController { /* {{{ */
         $role = isset($params['role']) ? $params['role'] : null;
         $roleid = $role == 'admin' ? SeedDMS_Core_User::role_admin : ($role == 'guest' ? SeedDMS_Core_User::role_guest : SeedDMS_Core_User::role_user);
 
-        $newAccount = $dms->addUser($userName, $password, $fullname, $email, $language, $theme, $comment, $roleid);
+        $newAccount = $dms->addUser($userName, seed_pass_hash($password), $fullname, $email, $language, $theme, $comment, $roleid);
         if ($newAccount === false) {
             return $response->withJson(array('success'=>false, 'message'=>'Account could not be created, maybe it already exists', 'data'=>''), 500);
         }