extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-06-26 21:01:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

never send passwords back to client, instead send a number of asterisks and replace them again on server-side

Browse Source
This commit is contained in:
Ralf Becker 2013-11-04 09:11:11 +00:00
parent a1b66d286d
commit 1fe139c822
1 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
etemplate/inc/class.etemplate_widget_textbox.inc.php
View File

@ -7,7 +7,7 @@
* @subpackage api * @subpackage api
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @author Ralf Becker <RalfBecker@outdoor-training.de> * @author Ralf Becker <RalfBecker@outdoor-training.de>
* @copyright 2002-11 by RalfBecker@outdoor-training.de * @copyright 2002-13 by RalfBecker@outdoor-training.de
* @version $Id$ * @version $Id$
*/ */
@ -18,6 +18,7 @@
* - float * - float
* - hidden * - hidden
* - colorpicker * - colorpicker
* - passwd (passwords are never send back to client, instead a number of asterisks is send and replaced again!)
* sub-types are either passed to constructor or set via 'type' attribute! * sub-types are either passed to constructor or set via 'type' attribute!
*/ */
class etemplate_widget_textbox extends etemplate_widget class etemplate_widget_textbox extends etemplate_widget
@ -67,6 +68,28 @@ class etemplate_widget_textbox extends etemplate_widget
return $this; return $this;
} }
/**
* Set up what we know on the server side.
*
* @param string $cname
* @param array $expand values for keys 'c', 'row', 'c_', 'row_', 'cont'
*/
public function beforeSendToClient($cname, array $expand)
{
// to NOT transmit passwords back to client, we need to store (non-empty) value in preserv
if ($this->attrs['type'] == 'passwd' || $this->type == 'passwd')
{
$form_name = self::form_name($cname, $this->id, $expand);
$value =& self::get_array(self::$request->content, $form_name);
if (!empty($value))
{
$preserv =& self::get_array(self::$request->preserv, $form_name, true);
$preserv = (string)$value;
$value = str_repeat('*', strlen($preserv));
}
}
}
/** /**
* Validate input * Validate input
* *
@ -108,6 +131,17 @@ class etemplate_widget_textbox extends etemplate_widget
$value = $value_in = self::get_array($content, $form_name); $value = $value_in = self::get_array($content, $form_name);
$valid =& self::get_array($validated, $form_name, true); $valid =& self::get_array($validated, $form_name, true);
// passwords are not transmitted back to client (just asterisks)
// therefore we need to replace it again with preserved value
if (($this->attrs['type'] == 'passwd' || $this->type == 'passwd'))
{
$preserv = self::get_array(self::$request->preserv, $form_name);
if ($value == str_repeat('*', strlen($preserv)))
{
$value = $preserv;
}
}
if ((string)$value === '' && $this->attrs['needed']) if ((string)$value === '' && $this->attrs['needed'])
{ {
self::set_validation_error($form_name,lang('Field must not be empty !!!'),''); self::set_validation_error($form_name,lang('Field must not be empty !!!'),'');