author | Santiago Pastorino <santiago@wyeworks.com> | 2010-08-28 05:01:57 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2010-08-28 05:23:34 -0300 |
commit | 1851af84c1c7244dc416be9c93a4700b70e801e3 (patch) | |
tree | 70c7304b1bf1fb0ed9c8f3425c23ea432b0a64f8 /actionpack | |
parent | d630c76f3fef54da4859d540060e90cc294b5516 (diff) | |
password_field renders with nil value by default
This makes the use of passwords secure by default. If you want to render
the value of the password_field, you have to do, for instance,
f.password_field(:password, :value => @user.password) # =>
<input type=password id=user_password name=user[password]
value=#{@user.password} />
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/form_helper.rb | 10 | ||||
-rw-r--r-- | actionpack/test/template/form_helper_test.rb | 5 |
3 files changed, 11 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index d7cfad7d6b..9a58d61f2b 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,3 +1,5 @@
+* password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) [Santiago Pastorino]
+
 * Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. [José Valim]
 
 * Add clear_helpers as a way to clean up all helpers added to this controller, maintaing just the helper with the same name as the controller. [José Valim]
diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index d749e31e12..ed83658140 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -624,19 +624,19 @@ module ActionView
 #
 # ==== Examples
 # password_field(:login, :pass, :size => 20)
- # # => <input type="password" id="login_pass" name="login[pass]" size="20" value="#{@login.pass}" />
+ # # => <input type="password" id="login_pass" name="login[pass]" size="20" />
 #
- # password_field(:account, :secret, :class => "form_input")
+ # password_field(:account, :secret, :class => "form_input", :value => @account.secret)
 # # => <input type="password" id="account_secret" name="account[secret]" value="#{@account.secret}" class="form_input" />
 #
 # password_field(:user, :password, :onchange => "if $('user[password]').length > 30 { alert('Your password needs to be shorter!'); }")
- # # => <input type="password" id="user_password" name="user[password]" value="#{@user.password}" onchange = "if $('user[password]').length > 30 { alert('Your password needs to be shorter!'); }"/>
+ # # => <input type="password" id="user_password" name="user[password]" onchange = "if $('user[password]').length > 30 { alert('Your password needs to be shorter!'); }"/>
 #
 # password_field(:account, :pin, :size => 20, :class => 'form_input')
- # # => <input type="password" id="account_pin" name="account[pin]" size="20" value="#{@account.pin}" class="form_input" />
+ # # => <input type="password" id="account_pin" name="account[pin]" size="20" class="form_input" />
 #
 def password_field(object_name, method, options = {})
- InstanceTag.new(object_name, method, self, options.delete(:object)).to_input_field_tag("password", options)
+ InstanceTag.new(object_name, method, self, options.delete(:object)).to_input_field_tag("password", { :value => nil }.merge!(options))
 end
 
 # Returns a hidden input tag tailored for accessing a specified attribute (identified by +method+) on an object
diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb
index 8ba4aa1639..fd801e2a9e 100644
--- a/actionpack/test/template/form_helper_test.rb
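Review bot: In `password_field` (form_helper.rb) the new default is merged under the symbol key only, `{ :value => nil }.merge!(options)`, so a caller who passes `"value" => ...` with a string key hands `to_input_field_tag` a hash holding both `:value => nil` and `"value"`. Which of the two wins depends on how that method normalizes keys, which is outside this hunk, and on Ruby 1.8 hash iteration order is not guaranteed. Normalizing before the merge removes the ambiguity: `to_input_field_tag("password", { "value" => nil }.merge!(options.stringify_keys))`. The test changes in this commit have no assertion for the string-key form either.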
+++ b/actionpack/test/template/form_helper_test.rb
@@ -167,7 +167,10 @@ class FormHelperTest < ActionView::TestCase
 '<input id="post_title" name="post[title]" size="30" type="text" value="Hello World" />', text_field("post", "title")
 )
 assert_dom_equal(
- '<input id="post_title" name="post[title]" size="30" type="password" value="Hello World" />', password_field("post", "title")
+ '<input id="post_title" name="post[title]" size="30" type="password" />', password_field("post", "title")
+ )
+ assert_dom_equal(
+ '<input id="post_title" name="post[title]" size="30" type="password" value="Hello World" />', password_field("post", "title", :value => @post.title)
 )
 assert_dom_equal(
 '<input id="person_name" name="person[name]" size="30" type="password" />', password_field("person", "name") |
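Review bot: The added assertions call `password_field("post", "title", ...)` directly, while the commit message documents the builder form `f.password_field(:password, :value => @user.password)`; nothing in this hunk checks that the builder path also omits the stored value by default. If the `form_for` tests elsewhere in this file do not already cover it, an assertion that `f.password_field(:title)` renders no `value` attribute would pin the secure default on the path the commit message documents. The enclosing test method starts and ends outside the hunk.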