mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 04:22:07 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-45772-master-4' of git://github.com/xow/moodle

Browse Source
This commit is contained in:
Andrew Nicols 2015-08-04 09:56:47 +08:00
commit fec4959809
5 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/search.php
View File

@ -46,6 +46,8 @@ $resultshtml = admin_search_settings_html($query); // case insensitive search on
echo '<form action="' . $PAGE->url->out(true) . '" method="post" id="adminsettings">';
echo '<div>';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
// HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
echo prevent_form_autofill_password();
echo '</div>';
echo '<fieldset>';
echo '<div class="clearer"><!-- --></div>';

4
admin/settings.php
View File

@ -77,6 +77,8 @@ if (empty($SITE->fullname)) {
echo html_writer::input_hidden_params($PAGE->url);
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="return" value="'.$return.'" />';
// HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
echo prevent_form_autofill_password();
echo $settingspage->output_html();
@ -119,6 +121,8 @@ if (empty($SITE->fullname)) {
echo html_writer::input_hidden_params($PAGE->url);
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="return" value="'.$return.'" />';
// HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
echo prevent_form_autofill_password();
echo $OUTPUT->heading($settingspage->visiblename);
echo $settingspage->output_html();

2
admin/upgradesettings.php
View File

@ -63,6 +63,8 @@ echo '<form action="upgradesettings.php" method="post" id="adminsettings">';
echo '<div>';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="return" value="'.$return.'" />';
// HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
echo prevent_form_autofill_password();
echo '<fieldset>';
echo '<div class="clearer"><!-- --></div>';
echo $newsettingshtml;

4
lib/formslib.php
View File

@ -188,6 +188,10 @@ abstract class moodleform {
$this->_form->hardFreeze();
}
// HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
$element = $this->_form->addElement('hidden');
$element->setType('password');
$this->definition();
$this->_form->addElement('hidden', 'sesskey', null); // automatic sesskey protection

10
lib/weblib.php
View File

@ -3561,3 +3561,13 @@ function get_formatted_help_string($identifier, $component, $ajax = false, $a =
}
return $data;
}
/**
* Renders a hidden password field so that browsers won't incorrectly autofill password fields with the user's password.
*
* @since 3.0
* @return string HTML to prevent password autofill
*/
function prevent_form_autofill_password() {
return '<div class="hide"><input type="password" /></div>';
}