Don't show passwords in the sources edit view #632
Merged
Right now anyone with access to a selfoss instance can read passwords the victim has entered there for a bunch of other sites.
With this pull request, source parameters of type 'password' are empty, with a placeholder saying 'not changed', if the user entered a password there before. If the user doesn't enter anything into the password fields, the old passwords are used. If the user changes a password, the new password is used.
What do you think?
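The behaviour described in this pull request, sketched as an added example (not the code from this pull request or from selfoss): stored secrets are blanked before the edit form is rendered, and an empty password field on save keeps the stored value. The function names `paramsForEditView` and `mergeSubmittedParams`, the schema layout and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not selfoss code. Function names and the parameter
// schema layout are hypothetical.

/** Values that are safe to send to the edit form: secrets are blanked. */
function paramsForEditView(array $schema, array $stored): array
{
    $view = [];
    foreach ($schema as $name => $def) {
        $type = $def['type'] ?? 'text';
        $isSecret = $type === 'password';
        $hasValue = ($stored[$name] ?? '') !== '';
        $view[$name] = [
            'type'        => $type,
            // The stored secret never reaches the rendered page.
            'value'       => $isSecret ? '' : ($stored[$name] ?? ''),
            'placeholder' => ($isSecret && $hasValue) ? 'not changed' : '',
        ];
    }
    return $view;
}

/** Merge a submitted form with stored values: empty password keeps the old one. */
function mergeSubmittedParams(array $schema, array $stored, array $submitted): array
{
    $merged = [];
    foreach ($schema as $name => $def) { // keys outside the schema are dropped
        $raw = $submitted[$name] ?? null;
        $new = is_string($raw) ? $raw : ''; // ignore array-valued input
        $isSecret = ($def['type'] ?? 'text') === 'password';
        $merged[$name] = ($isSecret && $new === '') ? ($stored[$name] ?? '') : $new;
    }
    return $merged;
}

// Constructed sample data.
$schema = ['username' => ['type' => 'text'], 'password' => ['type' => 'password']];
$stored = ['username' => 'alice', 'password' => 'old-secret'];

$view = paramsForEditView($schema, $stored);
assert($view['password']['value'] === '');
assert($view['password']['placeholder'] === 'not changed');

$kept = mergeSubmittedParams($schema, $stored, ['username' => 'alice', 'password' => '']);
assert($kept['password'] === 'old-secret');

$changed = mergeSubmittedParams($schema, $stored, ['username' => 'alice', 'password' => 'new-secret']);
assert($changed['password'] === 'new-secret');
```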