You are viewing a plain text version of this content. The canonical link for it is here.
Posted to asp@perl.apache.org by Ross Thomas <ro...@grinfinity.com> on 2002/04/29 12:34:57 UTC
Patch to skip passwords when filling forms
Here's a few extra lines I think make sense. Setting FormFillNoPasswords
to true causes HTML::FillInForm not to fill password fields.
--
Regards,
Ross Thomas
*** ASP.pm.orig Wed Feb 27 02:44:24 2002
--- ASP.pm Mon Apr 29 06:25:24 2002
***************
*** 3519,3524 ****
--- 3519,3525 ----
ContentType => 'text/html',
'Debug' => $asp->{dbg},
FormFill => $r->dir_config('FormFill'),
+ FormFillNoPasswords => $r->dir_config('FormFillNoPasswords') || 0,
IsClientConnected => 1,
# PICS => undef,
# Status => 200,
***************
*** 3775,3780 ****
--- 3776,3782 ----
$form = $fif->fill(
scalarref => \$form,
fdat => $asp->{Request}{Form},
+ fill_password => $self->{FormFillNoPasswords} ? 0 : 1,
);
};
if($@) {
***************
*** 6966,6971 ****
--- 6968,6986 ----
with $Response->{FormFill} = 1
PerlSetVar FormFill 1
+
+ =item FormFillNoPasswords
+
+ default 0, if true will cause HTML::FillInForm to skip
+ filling in password fields. This could be beneficial from
+ a security perspective if the form in question is sent
+ over an insecure connection or if there is any possibility
+ that the page might get cached by a browser or proxy.
+
+ This feature can be enabled on a per form basis at runtime
+ with $Response->{FormFillNoPasswords} = 1
+
+ PerlSetVar FormFillNoPasswords 1
=item TimeHiRes
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: Patch to skip passwords when filling forms
Posted by Joshua Chamas <jo...@chamas.com>.
Ross Thomas wrote:
>
> Here's a few extra lines I think make sense. Setting FormFillNoPasswords
> to true causes HTML::FillInForm not to fill password fields.
>
> --
> Regards,
> Ross Thomas
>
I'll get this in the next release, not 2.33. The config will
probably be FormFillPasswords ... thanks for the patch.
--Josh
_________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NodeWorks Founder Huntington Beach, CA USA
http://www.nodeworks.com 1-714-625-4051
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org