From 59fbe531209545ca3f02b12fbc67d8a5c2982cf4 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Sat, 15 Sep 2007 21:38:05 +0000
Subject: [PATCH] mlanthaler: In PasswordField::performReadonlyTransformation() was an E_NOTICE error. Instead of fixing it, I changed also the behavior. There are displayed now always five stars, so it is impossible to use the information of the password length for brute-force attacks. (merged from branches/gsoc)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41953 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 forms/PasswordField.php | 50 +++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 19 deletions(-)
diff --git a/forms/PasswordField.php b/forms/PasswordField.php
index baf03a7c3..55bbb947c 100755
--- a/forms/PasswordField.php
+++ b/forms/PasswordField.php
@@ -1,38 +1,50 @@ maxLength = $maxLength; - parent::__construct($name, $title, $value); + parent::__construct($name, $title, $value); } - + + function Field() { - if($this->maxLength){ - return "id() . "\" name=\"{$this->name}\" value=\"" . $this->attrValue() . "\" maxlength=\"$this->maxLength\" size=\"$this->maxLength\"/>"; - }else{ - return "id() . "\" name=\"{$this->name}\" value=\"" . $this->attrValue() . "\" />"; + if($this->maxLength) { + return "id() . + "\" name=\"{$this->name}\" value=\"" . $this->attrValue() . + "\" maxlength=\"$this->maxLength\" size=\"$this->maxLength\"/>"; + } else { + return "id() . + "\" name=\"{$this->name}\" value=\"" . $this->attrValue() . "\" />"; } } - + + /** - * Makes a pretty readonly field with stars the length of the password instead of the - * actual one. ;) + * Makes a pretty readonly field with some stars in it */ function performReadonlyTransformation() { - $stars = ''; - $count = strlen($this->attrValue()); - do{ $stars .= "*";} while(strlen($stars) <= $count); - - $field = new ReadonlyField($this->name,$this->title ? $this->title : "",$stars); + $stars = '*****'; + + $field = new ReadonlyField($this->name, $this->title ? $this->title : '', $stars); $field->setForm($this->form); return $field; } } + ?> \ No newline at end of file
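Review bot: Both returns in `Field()` still write the stored password into the markup through `value=\"" . $this->attrValue() . "\"`, so the editable field exposes the whole secret in page source and any cached copy, while this commit hides only its length in the readonly view. Unless repopulating the input is a deliberate requirement, I would emit an empty attribute, `value=\"\"`, in both branches. Whether `attrValue()` escapes for attribute context is not visible here, and the opening of the returned string is missing from this page, so both should be confirmed against the file. The docblock on `performReadonlyTransformation()` could also record the reason for the constant, for example `Always renders a fixed five-star mask so the output reveals neither the password length nor whether a value is set`.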