mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
Merge pull request #2128 from hafriedlander/fix/hashleak
FIX: ConfirmedPasswordField used to expose existing hash
This commit is contained in:
commit
ba10d270b3
@ -239,7 +239,10 @@ class ConfirmedPasswordField extends FormField {
|
|||||||
*
|
*
|
||||||
* @return ConfirmedPasswordField
|
* @return ConfirmedPasswordField
|
||||||
*/
|
*/
|
||||||
public function setValue($value) {
|
public function setValue($value, $data = null) {
|
||||||
|
// If $data is a DataObject, don't use the value, since it's a hashed value
|
||||||
|
if ($data && $data instanceof DataObject) $value = '';
|
||||||
|
|
||||||
if(is_array($value)) {
|
if(is_array($value)) {
|
||||||
if($value['_Password'] || (!$value['_Password'] && !$this->canBeEmpty)) {
|
if($value['_Password'] || (!$value['_Password'] && !$this->canBeEmpty)) {
|
||||||
$this->value = $value['_Password'];
|
$this->value = $value['_Password'];
|
||||||
|
@ -15,6 +15,26 @@ class ConfirmedPasswordFieldTest extends SapphireTest {
|
|||||||
$this->assertEquals('valueB', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
|
$this->assertEquals('valueB', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testHashHidden() {
|
||||||
|
$field = new ConfirmedPasswordField('Password', 'Password', 'valueA');
|
||||||
|
$field->setCanBeEmpty(true);
|
||||||
|
|
||||||
|
$this->assertEquals('valueA', $field->Value());
|
||||||
|
$this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
|
||||||
|
$this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
|
||||||
|
|
||||||
|
$member = new Member();
|
||||||
|
$member->Password = "valueB";
|
||||||
|
$member->write();
|
||||||
|
|
||||||
|
$form = new Form($this, 'Form', new FieldList($field), new FieldList());
|
||||||
|
$form->loadDataFrom($member);
|
||||||
|
|
||||||
|
$this->assertEquals('', $field->Value());
|
||||||
|
$this->assertEquals('', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
|
||||||
|
$this->assertEquals('', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
|
||||||
|
}
|
||||||
|
|
||||||
public function testSetShowOnClick() {
|
public function testSetShowOnClick() {
|
||||||
//hide by default and display show/hide toggle button
|
//hide by default and display show/hide toggle button
|
||||||
$field = new ConfirmedPasswordField('Test', 'Testing', 'valueA', null, true);
|
$field = new ConfirmedPasswordField('Test', 'Testing', 'valueA', null, true);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user