holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

only send password (or hash) to client-side, if explicitly requested

Browse Source
This commit is contained in:
ralf 2022-02-25 13:52:36 +02:00
parent 3e41eb00c6
commit 71d079c9f3
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/src/Etemplate/Widget/Password.php
View File

@ -58,11 +58,11 @@ class Password extends Etemplate\Widget\Textbox
$preserv =& self::get_array(self::$request->preserv, $form_name, true);
$preserv = (string)$value;
if (!empty($value) && ((array_key_exists('viewable', $this->attrs) && $this->attrs['viewable'] === 'false') || $plaintext))
// only send password (or hash) to client-side, if explicitly requested
if (!empty($value) && (!array_key_exists('viewable', $this->attrs) || !in_array($this->attrs['viewable'], ['1', 'true', true], true)))
{
$value = str_repeat('*', strlen($preserv));
}
//$value = str_repeat('*', strlen($preserv));
}
}