You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by cr...@apache.org on 2001/02/01 01:48:08 UTC
cvs commit: jakarta-struts/src/share/org/apache/struts/taglib/html BaseFieldTag.java
craigmcc 01/01/31 16:48:08
Modified: src/share/org/apache/struts/taglib/html BaseFieldTag.java
Log:
Do not redisplay the contents of a field of type <html:password>, because
this caused the actual value to be included in the page source of the rendered
page. This could lead to security concerns, for example if the password was
invalid due to a simple typo.
Submitted by: Frederic Bages <fr...@in-fusio.com>
Revision Changes Path
1.3 +5 -5 jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java
Index: BaseFieldTag.java
===================================================================
RCS file: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- BaseFieldTag.java 2001/01/08 00:48:17 1.2
+++ BaseFieldTag.java 2001/02/01 00:48:07 1.3
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v 1.2 2001/01/08 00:48:17 craigmcc Exp $
- * $Revision: 1.2 $
- * $Date: 2001/01/08 00:48:17 $
+ * $Header: /home/cvs/jakarta-struts/src/share/org/apache/struts/taglib/html/BaseFieldTag.java,v 1.3 2001/02/01 00:48:07 craigmcc Exp $
+ * $Revision: 1.3 $
+ * $Date: 2001/02/01 00:48:07 $
*
* ====================================================================
*
@@ -79,7 +79,7 @@
* Convenience base class for the various input tags for text fields.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.2 $ $Date: 2001/01/08 00:48:17 $
+ * @version $Revision: 1.3 $ $Date: 2001/02/01 00:48:07 $
*/
public abstract class BaseFieldTag extends BaseInputTag {
@@ -170,7 +170,7 @@
results.append(" value=\"");
if (value != null) {
results.append(BeanUtils.filter(value));
- } else {
+ } else if (!"password".equals(type)) {
Object bean = pageContext.findAttribute(name);
if (bean == null)
throw new JspException