From 9c84b3b5fb488aa2a04f521e4fc070531e0fa02b Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Thu, 4 Jun 2015 14:09:22 +0200
Subject: [ticket/sec-184] Do not output Jabber password to HTML

SECURITY-184
---
 phpBB/includes/acp/acp_jabber.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'phpBB/includes/acp/acp_jabber.php')

diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php
index 8d2e9d41a3..284543acd3 100644
--- a/phpBB/includes/acp/acp_jabber.php
+++ b/phpBB/includes/acp/acp_jabber.php
@@ -107,7 +107,10 @@ class acp_jabber
 			set_config('jab_host', $jab_host);
 			set_config('jab_port', $jab_port);
 			set_config('jab_username', $jab_username);
-			set_config('jab_password', $jab_password);
+			if ($jab_password !== '********')
+			{
+				set_config('jab_password', $jab_password);
+			}
 			set_config('jab_package_size', $jab_package_size);
 			set_config('jab_use_ssl', $jab_use_ssl);
 
@@ -122,7 +125,7 @@ class acp_jabber
 			'JAB_HOST'				=> $jab_host,
 			'JAB_PORT'				=> ($jab_port) ? $jab_port : '',
 			'JAB_USERNAME'			=> $jab_username,
-			'JAB_PASSWORD'			=> $jab_password,
+			'JAB_PASSWORD'			=> $jab_password !== '' ? '********' : '',
 			'JAB_PACKAGE_SIZE'		=> $jab_package_size,
 			'JAB_USE_SSL'			=> $jab_use_ssl,
 			'S_CAN_USE_SSL'			=> jabber::can_use_ssl(),
-- 
cgit v1.2.1