aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-01-21 14:32:41 -0800
committerredmatrix <git@macgirvin.com>2016-01-21 14:32:41 -0800
commit2be515e7bbec6ffb960fc037be970582291039a8 (patch)
tree688f239b911d461b21221815fa1b21ccc9f53455
parent699d5d10813855fc2897a778dec74e6857bb1be6 (diff)
downloadvolse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.gz
volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.bz2
volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.zip
set the actual value of the password input field to a single space on remove channel and remove account because firefox does not honour 'autocomplete="off"' and insists on filling in the password, which completely defeats the purpose of password protecting this function. We want to ensure it can only be executed by somebody who knows the password and not somebody who happens upon an unattended browser session. This space is annoying and must be removed to enter the password correctly but this appears to be the only way to provide the necessary safety for that page. Setting autocomplete to a random string as suggested by the firefox doco doesn't appear to do anything useful, as autocomplete is still performed.
-rw-r--r--view/tpl/removeaccount.tpl2
-rwxr-xr-xview/tpl/removeme.tpl2
2 files changed, 2 insertions, 2 deletions
diff --git a/view/tpl/removeaccount.tpl b/view/tpl/removeaccount.tpl
index aefcd51a8..ce6c8ac22 100644
--- a/view/tpl/removeaccount.tpl
+++ b/view/tpl/removeaccount.tpl
@@ -10,7 +10,7 @@
<input type="hidden" name="verify" value="{{$hash}}" />
<div class="form-group" id="remove-account-pass-wrapper">
<label id="remove-account-pass-label" for="remove-account-pass">{{$passwd}}</label>
- <input class="form-control" type="password" id="remove-account-pass" name="qxz_password" />
+ <input class="form-control" type="password" id="remove-account-pass" autocomplete="off" name="qxz_password" value=" " />
</div>
{{include file="field_checkbox.tpl" field=$global}}
<button type="submit" name="submit" class="btn btn-danger">{{$submit}}</button>
diff --git a/view/tpl/removeme.tpl b/view/tpl/removeme.tpl
index 5b329dd6d..40b9546d2 100755
--- a/view/tpl/removeme.tpl
+++ b/view/tpl/removeme.tpl
@@ -10,7 +10,7 @@
<input type="hidden" name="verify" value="{{$hash}}" />
<div class="form-group" id="remove-account-pass-wrapper">
<label id="remove-account-pass-label" for="remove-account-pass">{{$passwd}}</label>
- <input class="form-control" type="password" id="remove-account-pass" name="qxz_password" />
+ <input class="form-control" type="password" id="remove-account-pass" autocomplete="off" name="qxz_password" value=" " />
</div>
{{include file="field_checkbox.tpl" field=$global}}
<button type="submit" name="submit" class="btn btn-danger">{{$submit}}</button>