Re: [Postfixadmin-devel] SF.net SVN: postfixadmin: [106] trunk/templates/admin_edit-admin.tpl
From: Christian B. <pos...@cb...> - 2007-10-04 00:03:44
Hello,

just going through the svn commits...

On Friday, 28 September 2007, Gin...@us... wrote:
> Revision: 106
> Author: GingerDog
> fix template for edit-admin
> --- trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:19 UTC (rev > 105) +++ trunk/templates/admin_edit-admin.tpl 2007-09-28 20:35:43 UTC > (rev 106) @@ -10,7 +10,7 @@ > </tr> > <tr> > <td><?php print $PALANG['pAdminEdit_admin_password'] . ":"; > ?></td> > - <td><input class="flat" type="password" name="fPassword" > - /></td> > + <td><input class="flat" type="password" name="fPassword" > + value="<?= $fPassword; ?>"/></td>

I consider it security-critical to include the password in the HTML code (browser cache etc.). Luckily, this code seems to be buggy - at least, it never included the password for me.

Please undo this part of your change again.

Argh, it seems admin/edit-admin.php needs some fixes...

I just fixed some password-related bugs in edit-admin.php:
- When entering a password in the first field and leaving the second one empty, the password was changed anyways.
- It was also changed to an empty password if you left both fields empty. This is a bad idea because you often modify some admin settings without even knowing his password.

One bug is remaining in admin/edit-admin.php: When editing an admin, it does not take the "active" status from the database. This means editing an admin always disables it (unless you correct the checkbox yourself). Can you please fix this?

Regards,

Christian Boltz
-- 
If you think that's too esoteric: we usually forget to put out pre-build floppy images and are reminded by customers asking our supporters. :-)
[Steffen Winterfeldt in opensuse about boot floppies]
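
Review bot: The added `value="<?= $fPassword; ?>"` on the `fPassword` input writes the password into the rendered page source, and it is printed without HTML escaping, so a value containing a double quote would also break out of the attribute. Suggest dropping the `value` attribute so the password field always renders empty, and having the form handler treat an empty field as "leave the password unchanged". If a value is ever printed at this spot, pass it through `htmlspecialchars()`, and use `<?php print ... ?>` to match the context line above rather than the `<?=` short form.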