From 457c9a8e727dff3167065954ef7269f2a6edb296 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 1 Dec 2007 22:03:45 +0000 Subject: [PATCH] Fixed: svn or ldap password can be found in clear text in the html source in editing mode. git-svn-id: http://redmine.rubyforge.org/svn/trunk@942 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/helpers/repositories_helper.rb | 5 ++++- app/views/auth_sources/_form.rhtml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/helpers/repositories_helper.rb b/app/helpers/repositories_helper.rb index 41218fa7..333b30b1 100644 --- a/app/helpers/repositories_helper.rb +++ b/app/helpers/repositories_helper.rb @@ -62,7 +62,10 @@ module RepositoriesHelper content_tag('p', form.text_field(:url, :size => 60, :required => true, :disabled => (repository && !repository.root_url.blank?)) + '
(http://, https://, svn://, file:///)') + content_tag('p', form.text_field(:login, :size => 30)) + - content_tag('p', form.password_field(:password, :size => 30)) + content_tag('p', form.password_field(:password, :size => 30, :name => 'ignore', + :value => ((repository.new_record? || repository.password.blank?) ? '' : ('x'*15)), + :onfocus => "this.value=''; this.name='repository[password]';", + :onchange => "this.name='repository[password]';")) end def darcs_field_tags(form, repository) diff --git a/app/views/auth_sources/_form.rhtml b/app/views/auth_sources/_form.rhtml index 24d2913e..3d148c11 100644 --- a/app/views/auth_sources/_form.rhtml +++ b/app/views/auth_sources/_form.rhtml @@ -15,7 +15,10 @@ <%= text_field 'auth_source', 'account' %>

-<%= password_field 'auth_source', 'account_password' %>

+<%= password_field 'auth_source', 'account_password', :name => 'ignore', + :value => ((@auth_source.new_record? || @auth_source.account_password.blank?) ? '' : ('x'*15)), + :onfocus => "this.value=''; this.name='auth_source[account_password]';", + :onchange => "this.name='auth_source[account_password]';" %>

<%= text_field 'auth_source', 'base_dn', :size => 60 %>

-- 2.11.0