diff options
author | Jan-Christoph Borchardt <hey@jancborchardt.net> | 2014-01-24 18:58:56 +0100 |
---|---|---|
committer | Jan-Christoph Borchardt <hey@jancborchardt.net> | 2014-01-24 18:58:56 +0100 |
commit | 150d3856a0d3d82e3a7a4b4f6ae5899ed047a681 (patch) | |
tree | f95a04d576ba2c938ba9a4df3bbc75efb1f0976e /settings/templates | |
parent | 3bea9b8ddde4a013200345f16dfcd4391f0eb151 (diff) | |
download | nextcloud-server-150d3856a0d3d82e3a7a4b4f6ae5899ed047a681.tar.gz nextcloud-server-150d3856a0d3d82e3a7a4b4f6ae5899ed047a681.zip |
prevent autofill for password change settings, prevent leak of existing password, fix #6552
Diffstat (limited to 'settings/templates')
-rw-r--r-- | settings/templates/personal.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 1518b48b979..07d75587d5e 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -39,9 +39,11 @@ if($_['passwordChangeSupported']) { <h2><?php p($l->t('Password'));?></h2> <div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div> <div id="passworderror"><?php echo $l->t('Unable to change your password');?></div> - <input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" /> + <input type="password" id="pass1" name="oldpassword" + placeholder="<?php echo $l->t('Current password');?>" autocomplete="off" /> <input type="password" id="pass2" name="personal-password" - placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" /> + placeholder="<?php echo $l->t('New password');?>" + data-typetoggle="#personal-show" autocomplete="off" /> <input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label> <input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" /> <br/> |