diff options
author | redmatrix <git@macgirvin.com> | 2016-01-21 14:32:41 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-01-21 14:32:41 -0800 |
commit | 2be515e7bbec6ffb960fc037be970582291039a8 (patch) | |
tree | 688f239b911d461b21221815fa1b21ccc9f53455 | |
parent | 699d5d10813855fc2897a778dec74e6857bb1be6 (diff) | |
download | volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.gz volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.bz2 volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.zip |
set the actual value of the password input field to a single space on remove channel and remove account because firefox does not honour 'autocomplete="off"' and insists on filling in the password, which completely defeats the purpose of password protecting this function. We want to ensure it can only be executed by somebody who knows the password and not somebody who happens upon an unattended browser session. This space is annoying and must be removed to enter the password correctly but this appears to be the only way to provide the necessary safety for that page. Setting autocomplete to a random string as suggested by the firefox doco doesn't appear to do anything useful, as autocomplete is still performed.
-rw-r--r-- | view/tpl/removeaccount.tpl | 2 | ||||
-rwxr-xr-x | view/tpl/removeme.tpl | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/view/tpl/removeaccount.tpl b/view/tpl/removeaccount.tpl index aefcd51a8..ce6c8ac22 100644 --- a/view/tpl/removeaccount.tpl +++ b/view/tpl/removeaccount.tpl @@ -10,7 +10,7 @@ <input type="hidden" name="verify" value="{{$hash}}" /> <div class="form-group" id="remove-account-pass-wrapper"> <label id="remove-account-pass-label" for="remove-account-pass">{{$passwd}}</label> - <input class="form-control" type="password" id="remove-account-pass" name="qxz_password" /> + <input class="form-control" type="password" id="remove-account-pass" autocomplete="off" name="qxz_password" value=" " /> </div> {{include file="field_checkbox.tpl" field=$global}} <button type="submit" name="submit" class="btn btn-danger">{{$submit}}</button> diff --git a/view/tpl/removeme.tpl b/view/tpl/removeme.tpl index 5b329dd6d..40b9546d2 100755 --- a/view/tpl/removeme.tpl +++ b/view/tpl/removeme.tpl @@ -10,7 +10,7 @@ <input type="hidden" name="verify" value="{{$hash}}" /> <div class="form-group" id="remove-account-pass-wrapper"> <label id="remove-account-pass-label" for="remove-account-pass">{{$passwd}}</label> - <input class="form-control" type="password" id="remove-account-pass" name="qxz_password" /> + <input class="form-control" type="password" id="remove-account-pass" autocomplete="off" name="qxz_password" value=" " /> </div> {{include file="field_checkbox.tpl" field=$global}} <button type="submit" name="submit" class="btn btn-danger">{{$submit}}</button> |