[Bps-public-commit] rt-extension-formtools branch, stop-storing-password, created. 0.07_06-2-gebcef6a

Kevin Falcone falcone at bestpractical.com
Thu Jul 14 15:53:16 EDT 2011


The branch, stop-storing-password has been created
        at  ebcef6ae31cd0842164ad5624a9d69cd1cb6f0a6 (commit)

- Log -----------------------------------------------------------------
commit ebcef6ae31cd0842164ad5624a9d69cd1cb6f0a6
Author: Kevin Falcone <kevin at jibsheet.com>
Date:   Thu Jul 14 15:52:57 2011 -0400

    Rather than adding a TODO, stop saving password into the page source

diff --git a/html/FormTools/Form b/html/FormTools/Form
index b8b832f..2ab1802 100644
--- a/html/FormTools/Form
+++ b/html/FormTools/Form
@@ -90,13 +90,11 @@ $next_for_validation ||= $m->caller(1)->path;
 % }
 <%$content|n%>
 
-%# XXX: we should only pass CFs and core fields.  this is causing
-%# username/password to be bypassed if we are logining directly on a
-%# formtool page.
 % foreach my $key (keys %request_args) {
 % next if (ref $request_args{$key} && ref $request_args{$key} ne 'ARRAY');
 % foreach my $val ( ref ($request_args{$key}) ? @{$request_args{$key}} : ($request_args{$key})) {
 % next if $forbid_persisting->{$key};
+% next if ($key eq 'user' or $key eq 'pass');
 <input type="hidden" name="<%$key%>" value="<%$val%>" />
 % }
 % }

-----------------------------------------------------------------------



More information about the Bps-public-commit mailing list