Fixed #3585

CHANGELOG-v3.md

@@ -7,6 +7,7 @@
 
 ### Fixed
 - Fixed a bug where the “Edit” button on asset editor HUDs didn’t launch the Image Editor if the asset was being edited on another element type’s index page. ([#3575](https://github.com/craftcms/cms/issues/3575))
+- Fixed an exception that would be thrown when saving a user from a front-end form with a non-empty `email` or `newPassword` param, if the `password` param was missing or empty. ([#3585](https://github.com/craftcms/cms/issues/3585))
 
 ## 3.0.36 - 2018-12-18
 

src/controllers/UsersController.php

@@ -30,6 +30,7 @@
 use craft\web\ServiceUnavailableHttpException;
 use craft\web\UploadedFile;
 use craft\web\View;
+use yii\base\InvalidArgumentException;
 use yii\web\BadRequestHttpException;
 use yii\web\ForbiddenHttpException;
 use yii\web\HttpException;
@@ -1752,9 +1753,18 @@ private function _verifyExistingPassword(): bool
         }
 
         $currentHashedPassword = $currentUser->password;
-        $currentPassword = Craft::$app->getRequest()->getRequiredParam('password');
 
-        return Craft::$app->getSecurity()->validatePassword($currentPassword, $currentHashedPassword);
+        try {
+            $currentPassword = Craft::$app->getRequest()->getRequiredParam('password');
+        } catch (BadRequestHttpException $e) {
+            return false;
+        }
+
+        try {
+            return Craft::$app->getSecurity()->validatePassword($currentPassword, $currentHashedPassword);
+        } catch (InvalidArgumentException $e) {
+            return false;
+        }
     }
 
     /**