Module: check_mk
Branch: master
Commit: 734ad7cadef060ee401f6cf7537f696d0a352ba0
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=734ad7cadef060…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Jan 21 13:40:58 2016 +0100
#2943 FIX Preventing issues with password completion of browsers on user and profile edit
pages
---
.werks/2943 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/htmllib.py | 7 +++++++
web/htdocs/wato.py | 4 ++++
4 files changed, 21 insertions(+)
diff --git a/.werks/2943 b/.werks/2943
new file mode 100644
index 0000000..f2f4413
--- /dev/null
+++ b/.werks/2943
@@ -0,0 +1,9 @@
+Title: Preventing issues with password completion of browsers on user and profile edit
pages
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.2.7i4
+Date: 1453380032
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 872a8a1..ae86c67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -267,6 +267,7 @@
* 2825 FIX: Parameter overview page no longer raises an exception in certain
scenarios...
* 2925 FIX: Editing a notification rule for a missing user selected random other
user...
* 2905 FIX: Check plugins: Non existant man pages now result in helpful error
messages
+ * 2943 FIX: Preventing issues with password completion of browsers on user and
profile edit pages
Notifications:
* 2811 Mail notifications: Now able to add Host/Service Notes Url...
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index c334b13..d0e605a 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -257,6 +257,13 @@ class html(GUITester):
self.write("</form>\n")
self.form_name = None
+ def prevent_password_auto_completion(self):
+ # These fields are not really used by the form. They are used to prevent the
browsers
+ # from filling the default password and previous input fields in the form
+ # with password which are eventually saved in the browsers password store.
+ self.write("<input type=\"text\"
style=\"display:none;\">")
+ self.write("<input style=\"display:none\"
type=\"password\">")
+
def form_submitted(self, form_name=None):
if form_name:
return self.var("filled_in") == form_name
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 2e9e43a..f5078cf 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -10243,6 +10243,8 @@ def mode_edit_user(phase):
load_notification_scripts()
html.begin_form("user", method="POST")
+ html.prevent_password_auto_completion()
+
forms.header(_("Identity"))
# ID
@@ -10281,6 +10283,7 @@ def mode_edit_user(phase):
forms.header(_("Security"))
forms.section(_("Authentication"))
+
is_automation = user.get("automation_secret", None) != None
html.radiobutton("authmethod", "password", not is_automation,
_("Normal user login with password"))
@@ -13800,6 +13803,7 @@ def page_user_profile(change_pw=False):
return attr in locked_attributes
html.begin_form("profile", method="POST")
+ html.prevent_password_auto_completion()
html.write('<div class=wato>')
forms.header(_("Personal Settings"))