Fixed bug #14307: fe_user passwords are visible in the info popup window in the backe...
authorSteffen Kamper <info@sk-typo3.de>
Wed, 5 May 2010 13:59:42 +0000 (13:59 +0000)
committerSteffen Kamper <info@sk-typo3.de>
Wed, 5 May 2010 13:59:42 +0000 (13:59 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7536 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_befunc.php

index 0417713..75af7e9 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-05-05  Steffen Kamper  <info@sk-typo3.de>
+
+       * Fixed bug #14307: fe_user passwords are visible in the info popup window in the backend (thanks to Lars Houmark)
+
 2010-05-04 Francois Suter  <francois@typo3.org>
 
        * Fixed bug #14255: Navigation title field should also be displayed on shortcuts page (thanks to Steffen Gebert)
index 9f5979e..2789f17 100644 (file)
@@ -2286,6 +2286,15 @@ final class t3lib_BEfunc {
                                break;
                        }
 
+                               // If this field is a password field, then hide the password by changing it to a random number of asterisk (*)
+                       if (stristr($theColConf['eval'], 'password')) {
+                               unset($l);
+                               $randomNumber = rand(5, 12);
+                               for ($i=0; $i < $randomNumber; $i++) {
+                                       $l .= '*';
+                               }
+                       }
+
                                /*****************
                                 *HOOK: post-processing the human readable output from a record
                                 ****************/