diff --git a/api/index.php b/api/index.php
index 4a5c1bb31422e9a1f1bc9ee6ca0f9a6f01d4c3f9..333eb0dc96adb4dbe015d40da2dd4bb386bef9b4 100644
--- a/api/index.php
+++ b/api/index.php
@@ -80,8 +80,8 @@
 
 		case "login":
 			$login = db_escape_string($_REQUEST["user"]);
-			$password = db_escape_string($_REQUEST["password"]);
-			$password_base64 = db_escape_string(base64_decode($_REQUEST["password"]));
+			$password = $_REQUEST["password"];
+			$password_base64 = base64_decode($_REQUEST["password"]);
 
 			if (SINGLE_USER_MODE) $login = "admin";
 
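Review bot: With `db_escape_string` removed, `$password` and `$password_base64` are safe only if every consumer hashes them or binds them as parameters before any SQL is built, and that code is outside this hunk; the same holds for the `$_POST` reads in functions.php and modules/pref-prefs.php. It is worth confirming each consumer and recording the contract next to the assignment, for example `# raw password: hash it, never interpolate it into a query`. Separately, `base64_decode` runs in non-strict mode here and silently discards invalid characters; `base64_decode($_REQUEST["password"], true)` returns false on malformed input so it can be rejected. The `login` case continues past the end of the hunk.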
diff --git a/functions.php b/functions.php
index 10f8e034efb818667364ee946ac65cf9c8867ca5..730b20c86844a7d36cc123bba941085d7ea0a89c 100644
--- a/functions.php
+++ b/functions.php
@@ -2111,7 +2111,7 @@
 			# try to authenticate user if called from login form
 			if ($login_action == "do_login") {
 				$login = db_escape_string($_POST["login"]);
-				$password = db_escape_string($_POST["password"]);
+				$password = $_POST["password"];
 				$remember_me = $_POST["remember_me"];
 
 				if (authenticate_user($link, $login, $password)) {
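Review bot: `$password = $_POST["password"];` now passes whatever type the client sent straight to `authenticate_user`, so a missing field arrives as null and a `password[]=` submission arrives as an array; the removed `db_escape_string` call presumably returned a string or failed. A guard such as `$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";` keeps the argument a string. The same applies to the three fields in modules/pref-prefs.php, where an array does not compare equal to `""` and would pass the visible blank check, and to the `$_REQUEST["password"]` reads in api/index.php. The enclosing block starts and ends outside the hunk.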
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index 2ab79db0161d3459989d40719ea9aaae5294eb8b..838c722c39ac672e900eb7ae36209eef4264b29d 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -21,9 +21,9 @@
 
 		if ($subop == "change-password") {
 
-			$old_pw = db_escape_string($_POST["old_password"]);
-			$new_pw = db_escape_string($_POST["new_password"]);
-			$con_pw = db_escape_string($_POST["confirm_password"]);
+			$old_pw = $_POST["old_password"];
+			$new_pw = $_POST["new_password"];
+			$con_pw = $_POST["confirm_password"];
 
 			if ($old_pw == "") {
 				print "ERROR: ".__("Old password cannot be blank.");