From 855a4b66ccd31681d2e2b3651a331541713220d9 Mon Sep 17 00:00:00 2001
From: Ghislain Loas <ghislo@sandbox.pergame.net>
Date: Mon, 9 Nov 2015 15:40:29 +0100
Subject: [PATCH] hotline #32687 add input type password
---
VERSIONS_HOTLINE/32687 | 1 +
application/modules/admin/views/scripts/users/_form.phtml | 2 +-
.../modules/admin/controllers/UsersControllerTest.php | 7 +++++++
3 files changed, 9 insertions(+), 1 deletion(-)
create mode 100644 VERSIONS_HOTLINE/32687
diff --git a/VERSIONS_HOTLINE/32687 b/VERSIONS_HOTLINE/32687
new file mode 100644
index 00000000000..bc479435302
--- /dev/null
+++ b/VERSIONS_HOTLINE/32687
@@ -0,0 +1 @@
+ - ticket #32687 : Correction de faille de sécurité dans la partie administration: le champs password n'est plus visible dans le formulaire de modification d'un utilisateur.
\ No newline at end of file
diff --git a/application/modules/admin/views/scripts/users/_form.phtml b/application/modules/admin/views/scripts/users/_form.phtml
index 221eb51d64f..192e3168ba9 100644
--- a/application/modules/admin/views/scripts/users/_form.phtml
+++ b/application/modules/admin/views/scripts/users/_form.phtml
@@ -15,7 +15,7 @@
</tr>
<tr>
<td class="droite">Mot de passe *</td>
- <td class="gauche"><input type="text" name="password" onkeypress="if (event.keyCode == 13) {javascript:PicToolbarOver( getElementById('menu_item975'), 'menu_item975');this.form.submit();return false;}" value="<?php echo $this->escape($this->user->getPassword());?>"/></td>
+ <td class="gauche"><input type="password" name="password" onkeypress="if (event.keyCode == 13) {javascript:PicToolbarOver( getElementById('menu_item975'), 'menu_item975');this.form.submit();return false;}" value="<?php echo $this->escape($this->user->getPassword());?>"/></td>
</tr>
<tr>
<td class="droite">Nom </td>
diff --git a/tests/application/modules/admin/controllers/UsersControllerTest.php b/tests/application/modules/admin/controllers/UsersControllerTest.php
index ddd36a72a8e..3a8c4a40d6d 100644
--- a/tests/application/modules/admin/controllers/UsersControllerTest.php
+++ b/tests/application/modules/admin/controllers/UsersControllerTest.php
@@ -256,6 +256,13 @@ class UsersControllerEditMarcusAsAbonPortailTest extends UsersControllerWithMarc
$this->dispatch('/admin/users/edit/id/10');
$this->assertNotXPath('//select[@name="bib"]');
}
+
+
+ /** @test */
+ public function passwordShouldBeInputTypePassword() {
+ $this->dispatch('/admin/users/edit/id/10');
+ $this->assertXPath('//input[@type="password"][@name="password"]');
+ }
}
--
GitLab