[BUGFIX] Don't update passwords if left untouched 29/51829/4
authorMads Jensen <mlj@systime.dk>
Sat, 25 Feb 2017 10:58:19 +0000 (11:58 +0100)
committerHelmut Hummel <typo3@helhum.io>
Sat, 25 Feb 2017 13:44:17 +0000 (14:44 +0100)
Fixes a bug where editing a backend user record without updating the
password would result in the password being set to
the string literal "*********".

This reverts #79576 because the fix for showing the password hash in the readable
field was wrong and causing this bug.

Instead of forcing the database value in the hidden field to be asterisks,
we now correctly set the type of the human readable field to be password.

This triggers a special handling in the form engine JavaScript, not filling
the human readable field with the database value and switching to type text
when entering a new password.

Resolves: #79714
Reverts: #79576
Releases: master
Change-Id: Ia465293272131c32bbb9fd9b0d3916676e130996
Reviewed-on: https://review.typo3.org/51829
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mads Lønne Jensen <mlj@systime.dk>
Tested-by: Mads Lønne Jensen <mlj@systime.dk>
Reviewed-by: Anders Kostending <aha@systime.dk>
Reviewed-by: Faton Haliti <fha@systime.dk>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php

index 1a405c0..1698966 100644 (file)
@@ -53,13 +53,18 @@ class RsaInputElement extends AbstractFormElement
         $resultArray = $this->initializeResultArray();
         $resultArray['requireJsModules'] = ['TYPO3/CMS/Rsaauth/RsaEncryptionModule'];
 
-        $itemValue = $parameterArray['itemFormElValue'] ? '*********' : '';
+        $itemValue = $parameterArray['itemFormElValue'];
         $config = $parameterArray['fieldConf']['config'];
         $size = MathUtility::forceIntegerInRange($config['size'] ?: $this->defaultInputWidth, $this->minimumInputWidth, $this->maxInputWidth);
         $evalList = GeneralUtility::trimExplode(',', $config['eval'], true);
         $width = (int)$this->formMaxWidth($size);
+        $isPasswordField = in_array('password', $evalList, true);
 
         if ($config['readOnly']) {
+            // Early return for read only fields
+            if ($isPasswordField) {
+                $itemValue = $itemValue ? '*********' : '';
+            }
             $html = [];
             $html[] = '<div class="formengine-field-item t3js-formengine-field-item">';
             $html[] =   '<div class="form-wizards-wrap">';
@@ -126,7 +131,7 @@ class RsaInputElement extends AbstractFormElement
         if (isset($config['autocomplete'])) {
             $attributes['autocomplete'] = empty($config['autocomplete']) ? 'new-' . $fieldName : 'on';
         }
-        if (in_array('password', $evalList)) {
+        if ($isPasswordField) {
             $attributes['type'] = 'password';
             $attributes['value'] = $itemValue ? '*********' : '';
             $attributes['autocomplete'] = 'new-' . $fieldName;