If the forum module is installed there are new fields when editing a member like "Occupation", "Country", or "User rating".
There is also a new field "Confirm password" which should make sure that the entered password is the expected one and the user didn't make a typo. The problem now is that the validator in ForumRole isn't executed at all so it is possible to enter two different passwords and nevertheless the system will change the password without checking it!
The bug resides in sapphire itself because it doesn't call any validator function on DataObjectDecorators.
I also created a [url=http://open.silverstripe.com/ticket/1401]ticket[/url] for this!
> The problem now is that the validator in ForumRole isn't executed at all so it is possible to
> enter two different passwords and nevertheless the system will change the password
> without checking it!
I can confirm that this is a bug using http://svn.silverstripe.com/open/modules/forum/trunk r39005 and sapphire gsoc branch r39561:
Entering two different passwords or even no password at all while editing forum members via /admin/security/index/2 does not result in any errors (like it should).
This bug does not occur on the frontend, but I found and filed a usability problem: [url=http://open.silverstripe.com/ticket/1402]Ticket #1402 "Both passwords need to match. Please try again." warning is displayed inconsistently on forum register and edit pages[/url]