From 0d112d7901983a568f6a803f59f240afd434db61 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Thu, 12 Mar 2020 19:45:23 +0100
Subject: Use placeholder values for password fields in external storage webui

This prevents the password from being sent to the webui.

While an admin will always be able to retrieve the passwords (as they
can do arbitrairy code execution by design) this prevents casual
password snooping

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 apps/files_external/lib/Controller/UserStoragesController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apps/files_external/lib/Controller/UserStoragesController.php')

diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php
index 6f55af96d1d..46285c4758a 100644
--- a/apps/files_external/lib/Controller/UserStoragesController.php
+++ b/apps/files_external/lib/Controller/UserStoragesController.php
@@ -148,7 +148,7 @@ class UserStoragesController extends StoragesController {
 		$this->updateStorageStatus($newStorage);
 
 		return new DataResponse(
-			$newStorage,
+			$this->formatStorageForUI($newStorage),
 			Http::STATUS_CREATED
 		);
 	}
@@ -208,7 +208,7 @@ class UserStoragesController extends StoragesController {
 		$this->updateStorageStatus($storage, $testOnly);
 
 		return new DataResponse(
-			$storage,
+			$this->formatStorageForUI($storage),
 			Http::STATUS_OK
 		);
 
-- 
cgit v1.2.3