diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2015-06-04 14:06:35 +0200 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2015-06-04 14:06:35 +0200 |
| commit | 6ca3a30576ae1bac68d5f4ef5dec286f000131ee (patch) | |
| tree | 0f2397a9f3cd6d47c8f338e06e792ed741c823c0 /phpBB/includes/functions_acp.php | |
| parent | db3782e4912e2945a546309dab38a4c00bd0f5c5 (diff) | |
| download | forums-6ca3a30576ae1bac68d5f4ef5dec286f000131ee.tar forums-6ca3a30576ae1bac68d5f4ef5dec286f000131ee.tar.gz forums-6ca3a30576ae1bac68d5f4ef5dec286f000131ee.tar.bz2 forums-6ca3a30576ae1bac68d5f4ef5dec286f000131ee.tar.xz forums-6ca3a30576ae1bac68d5f4ef5dec286f000131ee.zip | |
[ticket/sec-184] Do not output config passwords to the HTML page
SECURITY-184
Diffstat (limited to 'phpBB/includes/functions_acp.php')
| -rw-r--r-- | phpBB/includes/functions_acp.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index a53a54368e..d566336d26 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -245,8 +245,13 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars) switch ($tpl_type[0]) { - case 'text': case 'password': + if ($new[$config_key] !== '') + { + // replace passwords with asterixes + $new[$config_key] = '********'; + } + case 'text': case 'url': case 'email': case 'color': |