* Fix some bugs in password handling:

- If the password is empty in preferences, don't clear the existing
    password.
  - Actually check the confirm password field, even if it's left empty.
master
joey 2007-05-17 08:06:05 +00:00
parent 7717342db7
commit 739325834b
4 changed files with 30 additions and 16 deletions

View File

@ -30,6 +30,17 @@ sub formbuilder_setup (@) { #{{{
$form->field(name => "email", size => 50); $form->field(name => "email", size => 50);
$form->title("register"); $form->title("register");
$form->text(""); $form->text("");
$form->field(name => "confirm_password",
validate => sub {
shift eq $form->field("password");
},
);
$form->field(name => "password",
validate => sub {
shift eq $form->field("confirm_password");
},
);
} }
if ($form->submitted) { if ($form->submitted) {
@ -46,12 +57,6 @@ sub formbuilder_setup (@) { #{{{
} }
if ($submittype eq "Create Account") { if ($submittype eq "Create Account") {
$form->field(
name => "confirm_password",
validate => sub {
shift eq $form->field("password");
},
);
$form->field( $form->field(
name => "account_creation_password", name => "account_creation_password",
validate => sub { validate => sub {
@ -120,13 +125,15 @@ sub formbuilder_setup (@) { #{{{
value => $session->param("name"), force => 1, value => $session->param("name"), force => 1,
fieldset => "login"); fieldset => "login");
$form->field(name => "password", type => "password", $form->field(name => "password", type => "password",
fieldset => "login"); fieldset => "login",
validate => sub {
shift eq $form->field("confirm_password");
}),
$form->field(name => "confirm_password", type => "password", $form->field(name => "confirm_password", type => "password",
fieldset => "login", fieldset => "login",
validate => sub { validate => sub {
shift eq $form->field("password"); shift eq $form->field("password");
}); }),
} }
} }
@ -197,7 +204,7 @@ sub formbuilder (@) { #{{{
if ($form->submitted eq "Save Preferences" && $form->validate) { if ($form->submitted eq "Save Preferences" && $form->validate) {
my $user_name=$form->field('name'); my $user_name=$form->field('name');
foreach my $field (qw(password)) { foreach my $field (qw(password)) {
if (defined $form->field($field)) { if (defined $form->field($field) && length $form->field($field)) {
IkiWiki::userinfo_set($user_name, $field, $form->field($field)) || IkiWiki::userinfo_set($user_name, $field, $form->field($field)) ||
error("failed to set $field"); error("failed to set $field");
} }

6
debian/changelog vendored
View File

@ -32,8 +32,12 @@ ikiwiki (2.1) UNRELEASED; urgency=low
there. there.
* Patch from hb to fix the pagestats plugin, which was broken by a past * Patch from hb to fix the pagestats plugin, which was broken by a past
change to the backlinks() function. change to the backlinks() function.
* Fix some bugs in password handling:
- If the password is empty in preferences, don't clear the existing
password.
- Actually check the confirm password field, even if it's left empty.
-- Joey Hess <joeyh@debian.org> Sat, 12 May 2007 13:55:19 -0400 -- Joey Hess <joeyh@debian.org> Thu, 17 May 2007 04:02:04 -0400
ikiwiki (2.00) unstable; urgency=low ikiwiki (2.00) unstable; urgency=low

View File

@ -0,0 +1,7 @@
I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen).
I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved. I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented.
-- [[KarlMW]]
[[fixed|done]] --[[Joey]]

View File

@ -1,5 +1 @@
I have just deleted my password, accidentally (which is not a crisis, but it shouldn't really happen). moved to [[bugs/password_deletion]] --[[Joey]]
I logged in to tweak my page subscriptions, did so, and clicked 'save preferences' - unfortunately, the password boxes are cleared when you arrive at the preferences page and if you don't fill them in again then the new password (which is blank) gets saved. I'm sure I'm not the first one to notice this - I'm just writing here because I've not yet found anywhere where this inconvenience is documented.
-- [[KarlMW]]