2 files changed, 20 insertions, 9 deletions

diff --git a/core/js/shareitemmodel.js b/core/js/shareitemmodel.js
index 1cf116f08f9..ae3cb0ce2e3 100644
--- a/core/js/shareitemmodel.js
+++ b/core/js/shareitemmodel.js
@@ -116,7 +116,8 @@
 
 			// TODO: use backbone's default value mechanism once this is a separate model
 			var requiredAttributes = [
-				{ name: 'password',	   defaultValue: '' },
+				{ name: 'password', defaultValue: '' },
+				{ name: 'passwordChanged', defaultValue: false },
 				{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
 				{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
 			];
@@ -136,11 +137,16 @@
 				}
 			});
 
+			var password = {
+				password: attributes.password,
+				passwordChanged: attributes.passwordChanged
+			};
+
 			OC.Share.share(
 				itemType,
 				itemSource,
 				OC.Share.SHARE_TYPE_LINK,
-				attributes.password,
+				password,
 				attributes.permissions,
 				this.fileInfoModel.get('name'),
 				attributes.expiration,
@@ -208,6 +214,7 @@
 		 */
 		setPassword: function(password) {
 			this.get('linkShare').password = password;
+			this.get('linkShare').passwordChanged = true;
 		},
 
 		addShare: function(attributes, options) {
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index b015d7738b5..1b31df554cb 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -775,15 +775,19 @@ class Share extends Constants {
 					$updateExistingShare = true;
 				}
 
-				// Generate hash of password - same method as user passwords
-				if (is_string($shareWith) && $shareWith !== '') {
-					self::verifyPassword($shareWith);
-					$shareWith = \OC::$server->getHasher()->hash($shareWith);
+				// Generate hash of password if the password was changed on the client
+				if (isset($shareWith['passwordChanged']) && $shareWith['passwordChanged'] === 'true') {
+					$shareWith = $shareWith['password'];
+					if (is_string($shareWith) && $shareWith !== '') {
+						self::verifyPassword($shareWith);
+						$shareWith = \OC::$server->getHasher()->hash($shareWith);
+					}
 				} else {
-					// reuse the already set password, but only if we change permissions
-					// otherwise the user disabled the password protection
-					if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
+					// reuse the existing password if it was not updated from the client
+					if ($updateExistingShare) {
 						$shareWith = $checkExists['share_with'];
+					} else {
+						$shareWith = '';
 					}
 				}