authorGunnar Wrobel <wrobel@pardus.de>2010-07-12 21:22:09 (GMT)
committerGunnar Wrobel <wrobel@pardus.de>2010-07-12 21:22:09 (GMT)
commit66cf7730cb2d051dc4c37eaedfbcd01b5022ce9d (patch)
tree2bf232202a80650f6fa800e34de3332dd256fedc
parentd0bba9609cd6d4dc7fc1704f428ce57bedcfa9dc (diff)
downloadkolab-webadmin-66cf7730cb2d051dc4c37eaedfbcd01b5022ce9d.tar.gz
kolab/issue4430 (Modify User reply page contains user password in plain text)
-rw-r--r--ChangeLog10
-rw-r--r--php/admin/include/form.class.php2
-rw-r--r--www/admin/administrator/admin.php.in2
-rw-r--r--www/admin/domainmaintainer/domainmaintainer.php.in2
-rw-r--r--www/admin/maintainer/maintainer.php.in2
-rw-r--r--www/admin/user/user.php.in2
6 files changed, 19 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 98f09de..75ce41f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2010-07-12 Gunnar Wrobel <p@rdus.de>
+
+ * www/admin/administrator/admin.php.in:
+ * www/admin/domainmaintainer/domainmaintainer.php.in:
+ * www/admin/maintainer/maintainer.php.in:
+ * www/admin/user/user.php.in:
+
+ kolab/issue4430 ("Modify User" reply page contains user password
+ in plain text)
+
2010-06-28 Gunnar Wrobel <p@rdus.de>
* www/admin/user/user.php.in:
diff --git a/php/admin/include/form.class.php b/php/admin/include/form.class.php
index ebfc82b..a84b293 100644
--- a/php/admin/include/form.class.php
+++ b/php/admin/include/form.class.php
@@ -394,7 +394,7 @@ class KolabForm {
if( strlen(trim($_REQUEST['user_'.$key])) == 0 ) {
$this->errors[] = _('Required field ').$value['name']._(' is empty');
}
- } else if( strlen( trim($_REQUEST[$key]) ) == 0 ) {
+ } else if( (!is_array($_REQUEST[$key]) && strlen( trim($_REQUEST[$key]) ) == 0) || empty($_REQUEST[$key]) ) {
$this->errors[] = _('Required field ').$value['name']._(' is empty');
}
} else {
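Review bot: The added `empty($_REQUEST[$key])` test in the `else if` rejects the string `"0"`, which the old `strlen(trim(...)) == 0` check accepted, so a required field whose legitimate value is 0 is now reported as empty. In the other direction, a submitted array such as `['', ' ']` is not empty for `empty()` and passes the required check without carrying any usable value. Deciding by type would avoid both, e.g. `} else if( is_array($_REQUEST[$key]) ? count(array_filter(array_map('trim', $_REQUEST[$key]), 'strlen')) == 0 : strlen(trim($_REQUEST[$key])) == 0 ) {`, assuming these arrays are flat lists of strings. The `user_`-prefixed branch just above still passes the request value straight to `trim()` and may need the same array guard. The enclosing method starts and ends outside the hunk.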
diff --git a/www/admin/administrator/admin.php.in b/www/admin/administrator/admin.php.in
index 74ed95b..d62ee8f 100644
--- a/www/admin/administrator/admin.php.in
+++ b/www/admin/administrator/admin.php.in
@@ -243,6 +243,8 @@ switch( $action ) {
$heading = _('Modify Administrator');
$messages[] = _('Administrator ').$ldap_object['dn']._(' successfully modified');
$form->setValues();
+ $form->entries['password_0']['value'] = '';
+ $form->entries['password_1']['value'] = '';
$form->entries['action']['value'] = 'save';
$content = $form->outputForm();
break;
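Review bot: Blanking `password_0`/`password_1` after `$form->setValues()` is repeated by hand here and in the matching case of domainmaintainer.php.in, maintainer.php.in and user.php.in, so any other path that calls `setValues()` and then `outputForm()` can still echo the submitted password into the page. It would be more robust to do this once in KolabForm, for instance by having `setValues()` skip password entries (presumably the entries carry a type; the class is not visible here). Until then, the three unguarded assignments should match the user.php.in form, `if(array_key_exists('password_0',$form->entries)) $form->entries['password_0']['value'] = '';`, because assigning to a missing key creates a partial entry. A short comment such as `// never echo submitted passwords back into the rendered form` would record why the lines are there. The `switch` case begins outside the hunk.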
diff --git a/www/admin/domainmaintainer/domainmaintainer.php.in b/www/admin/domainmaintainer/domainmaintainer.php.in
index 13d7e26..f88b958 100644
--- a/www/admin/domainmaintainer/domainmaintainer.php.in
+++ b/www/admin/domainmaintainer/domainmaintainer.php.in
@@ -243,6 +243,8 @@ switch( $action ) {
$heading = _('Modify Domain Maintainer');
$messages[] = _('Maintainer ').$ldap_object['dn']._(' successfully modified');
$form->setValues();
+ $form->entries['password_0']['value'] = '';
+ $form->entries['password_1']['value'] = '';
if( $auth->group() != 'admin' && $auth->group() != 'maintainer' ) {
$form->entries['firstname']['attrs'] = 'readonly';
$form->entries['lastname']['attrs'] = 'readonly';
diff --git a/www/admin/maintainer/maintainer.php.in b/www/admin/maintainer/maintainer.php.in
index 35b521e..153744b 100644
--- a/www/admin/maintainer/maintainer.php.in
+++ b/www/admin/maintainer/maintainer.php.in
@@ -240,6 +240,8 @@ switch( $action ) {
$heading = _('Modify Maintainer');
$messages[] = _('Maintainer ').$ldap_object['dn']._(' successfully modified');
$form->setValues();
+ $form->entries['password_0']['value'] = '';
+ $form->entries['password_1']['value'] = '';
if( $auth->group() != 'admin' ) {
$form->entries['firstname']['attrs'] = 'readonly';
$form->entries['lastname']['attrs'] = 'readonly';
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in
index 6788d85..aa3c455 100644
--- a/www/admin/user/user.php.in
+++ b/www/admin/user/user.php.in
@@ -757,6 +757,8 @@ switch( $action ) {
$heading = _('Modify User');
if( !$errors ) $messages[] = sprintf(_("User '%s' successfully modified"), $dn);
$form->setValues();
+ if(array_key_exists('password_0',$form->entries)) $form->entries['password_0']['value'] = '';
+ if(array_key_exists('password_1',$form->entries)) $form->entries['password_1']['value'] = '';
$form->entries['mail']['attrs'] = 'readonly';
$form->entries['kolabhomeserver']['attrs'] = 'readonly';
$form->entries['action']['value'] = 'save';