diff options
author | redmatrix <git@macgirvin.com> | 2016-01-21 14:32:41 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-01-21 14:32:41 -0800 |
commit | 2be515e7bbec6ffb960fc037be970582291039a8 (patch) | |
tree | 688f239b911d461b21221815fa1b21ccc9f53455 /include/session.php | |
parent | 699d5d10813855fc2897a778dec74e6857bb1be6 (diff) | |
download | volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.gz volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.bz2 volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.zip |
set the actual value of the password input field to a single space on remove channel and remove account because firefox does not honour 'autocomplete="off"' and insists on filling in the password, which completely defeats the purpose of password protecting this function. We want to ensure it can only be executed by somebody who knows the password and not somebody who happens upon an unattended browser session. This space is annoying and must be removed to enter the password correctly but this appears to be the only way to provide the necessary safety for that page. Setting autocomplete to a random string as suggested by the firefox doco doesn't appear to do anything useful, as autocomplete is still performed.
Diffstat (limited to 'include/session.php')
0 files changed, 0 insertions, 0 deletions