You are viewing a plain text version of this content. The canonical link for it is here.

Posted to asp@perl.apache.org by Ross Thomas <ro...@grinfinity.com> on 2002/04/29 12:34:57 UTC

Patch to skip passwords when filling forms

Here's a few extra lines I think make sense. Setting FormFillNoPasswords
to true causes HTML::FillInForm not to fill password fields.

--
Regards,
Ross Thomas

*** ASP.pm.orig	Wed Feb 27 02:44:24 2002
--- ASP.pm	Mon Apr 29 06:25:24 2002
***************
*** 3519,3524 ****
--- 3519,3525 ----
         ContentType => 'text/html',
         'Debug' => $asp->{dbg},
         FormFill => $r->dir_config('FormFill'),
+        FormFillNoPasswords => $r->dir_config('FormFillNoPasswords') || 0,
         IsClientConnected => 1,
         #       PICS => undef,
         #       Status => 200,
***************
*** 3775,3780 ****
--- 3776,3782 ----
  		     $form = $fif->fill(
  					scalarref => \$form,
  					fdat =>	$asp->{Request}{Form},
+ 					fill_password => $self->{FormFillNoPasswords} ? 0 : 1,
  					);
  		 };
  		 if($@) {
***************
*** 6966,6971 ****
--- 6968,6986 ----
  with $Response->{FormFill} = 1
  
    PerlSetVar FormFill 1
+ 
+ =item FormFillNoPasswords
+ 
+ default 0, if true will cause HTML::FillInForm to skip
+ filling in password fields. This could be beneficial from
+ a security perspective if the form in question is sent
+ over an insecure connection or if there is any possibility
+ that the page might get cached by a browser or proxy.
+ 
+ This feature can be enabled on a per form basis at runtime
+ with $Response->{FormFillNoPasswords} = 1
+ 
+   PerlSetVar FormFillNoPasswords 1
  
  =item TimeHiRes
  

---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org

Re: Patch to skip passwords when filling forms

Posted by Joshua Chamas <jo...@chamas.com>.

Ross Thomas wrote:
> 
> Here's a few extra lines I think make sense. Setting FormFillNoPasswords
> to true causes HTML::FillInForm not to fill password fields.
> 
> --
> Regards,
> Ross Thomas
> 

I'll get this in the next release, not 2.33.  The config will
probably be FormFillPasswords ... thanks for the patch.

--Josh
_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051

---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org