aboutsummaryrefslogtreecommitdiffstats
path: root/include/session.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-01-21 14:32:41 -0800
committerredmatrix <git@macgirvin.com>2016-01-21 14:32:41 -0800
commit2be515e7bbec6ffb960fc037be970582291039a8 (patch)
tree688f239b911d461b21221815fa1b21ccc9f53455 /include/session.php
parent699d5d10813855fc2897a778dec74e6857bb1be6 (diff)
downloadvolse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.gz
volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.tar.bz2
volse-hubzilla-2be515e7bbec6ffb960fc037be970582291039a8.zip
set the actual value of the password input field to a single space on remove channel and remove account because firefox does not honour 'autocomplete="off"' and insists on filling in the password, which completely defeats the purpose of password protecting this function. We want to ensure it can only be executed by somebody who knows the password and not somebody who happens upon an unattended browser session. This space is annoying and must be removed to enter the password correctly but this appears to be the only way to provide the necessary safety for that page. Setting autocomplete to a random string as suggested by the firefox doco doesn't appear to do anything useful, as autocomplete is still performed.
Diffstat (limited to 'include/session.php')
0 files changed, 0 insertions, 0 deletions