Module: check_mk
Branch: master
Commit: 8cf1ec8162e1890a1c570f9128b9bb7e81cc2f0d
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8cf1ec8162e189…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jul 8 13:35:26 2013 +0200
wato users: Using dynamic field names to prevent autocompletion of passwords in chrome
---
web/htdocs/wato.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 8d69a4f..c475d1f 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -8063,8 +8063,10 @@ def mode_edit_user(phase):
user = users.get(cloneid, userdb.new_user_template('htpasswd'))
else:
user = userdb.new_user_template('htpasswd')
+ pw_suffix = 'new'
else:
user = users.get(userid, userdb.new_user_template('htpasswd'))
+ pw_suffix = userid
# Returns true if an attribute is locked and should be read only. Is only
# checked when modifying an existing user
@@ -8121,8 +8123,8 @@ def mode_edit_user(phase):
increase_serial = True # password changed, reflect in auth serial
else:
- password = html.var("password", '').strip()
- password2 = html.var("password2", '').strip()
+ password = html.var("password_" + pw_suffix, '').strip()
+ password2 = html.var("password2_" + pw_suffix, '').strip()
# Detect switch back from automation to password
if "automation_secret" in new_user:
@@ -8269,9 +8271,9 @@ def mode_edit_user(phase):
_("Normal user login with password"))
html.write("<ul><table><tr><td>%s</td><td>"
% _("password:"))
if not is_locked('password'):
- html.password_input("password", autocomplete="off")
+ html.password_input("password_" + pw_suffix,
autocomplete="off")
html.write("</td></tr><tr><td>%s</td><td>" %
_("repeat:"))
- html.password_input("password2", autocomplete="off")
+ html.password_input("password2_" + pw_suffix,
autocomplete="off")
html.write(" (%s)" % _("optional"))
else:
html.write('<i>%s</i>' % _('The password can not be
changed (It is locked by the user connector).'))