[Bps-public-commit] rt-extension-formtools branch, stop-storing-password, created. 0.07_06-2-gebcef6a
Kevin Falcone
falcone at bestpractical.com
Thu Jul 14 15:53:16 EDT 2011
The branch, stop-storing-password has been created
at ebcef6ae31cd0842164ad5624a9d69cd1cb6f0a6 (commit)
- Log -----------------------------------------------------------------
commit ebcef6ae31cd0842164ad5624a9d69cd1cb6f0a6
Author: Kevin Falcone <kevin at jibsheet.com>
Date: Thu Jul 14 15:52:57 2011 -0400
Rather than adding a TODO, stop saving password into the page source
diff --git a/html/FormTools/Form b/html/FormTools/Form
index b8b832f..2ab1802 100644
--- a/html/FormTools/Form
+++ b/html/FormTools/Form
@@ -90,13 +90,11 @@ $next_for_validation ||= $m->caller(1)->path;
% }
<%$content|n%>
-%# XXX: we should only pass CFs and core fields. this is causing
-%# username/password to be bypassed if we are logining directly on a
-%# formtool page.
% foreach my $key (keys %request_args) {
% next if (ref $request_args{$key} && ref $request_args{$key} ne 'ARRAY');
% foreach my $val ( ref ($request_args{$key}) ? @{$request_args{$key}} : ($request_args{$key})) {
% next if $forbid_persisting->{$key};
+% next if ($key eq 'user' or $key eq 'pass');
<input type="hidden" name="<%$key%>" value="<%$val%>" />
% }
% }
-----------------------------------------------------------------------
More information about the Bps-public-commit
mailing list