* Figured out a way to prevent browsers (for now, at least) from saving passwords or pre-filling passwords in the node/host login form.

* Updated Get->cgi to not include any passwords in the cgi_string that is recorded for refresh.

Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 5 years ago
parent db1afb766e
commit b51f87bdcc
  1. 5
      Anvil/Tools/Get.pm
  2. 45
      html/skins/alteeve/anvil.html
  3. 3
      share/words.xml

@ -293,10 +293,13 @@ sub cgi
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { "cgi::${variable}::value" => $anvil->data->{cgi}{$variable}{value} }}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { "cgi::${variable}::value" => $anvil->data->{cgi}{$variable}{value} }});
} }
# Append to 'sys::cgi_string' # Append to 'sys::cgi_string', so long as the variable doesn't have 'passwd' or 'password' in it.
if (($variable !~ /password/) && ($variable !~ /passwd/))
{
$anvil->data->{sys}{cgi_string} .= "$variable=".$anvil->data->{cgi}{$variable}{value}."&"; $anvil->data->{sys}{cgi_string} .= "$variable=".$anvil->data->{cgi}{$variable}{value}."&";
} }
} }
}
# This is a pretty way of displaying the passed-in CGI variables. It loops through all we've got and # This is a pretty way of displaying the passed-in CGI variables. It loops through all we've got and
# sorts out the longest variable name. Then it loops again, appending '.' to shorter ones so that # sorts out the longest variable name. Then it loops again, appending '.' to shorter ones so that
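Review bot: The new filter in `sub cgi` is a case-sensitive substring match on two spellings, so a parameter named `Password`, or a secret carried under another name, would still be appended to `sys::cgi_string`. A single case-insensitive test such as `if ($variable !~ /passw(?:or)?d/i)` covers the intended spellings, and an explicit list of sensitive field names would be sturdier than pattern matching. The excluded values are still passed to `$anvil->Log->variables` as `cgi::${variable}::value` a few lines above, so unless that logger redacts them (not visible here) passwords can still reach the log at that debug level. The body of `cgi` starts and ends outside this hunk.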

@ -74,21 +74,49 @@
<!-- start host-setup-menu1 --> <!-- start host-setup-menu1 -->
<table align="center" class="anvil_main_menu"> <table align="center" class="anvil_main_menu">
<div id="host-setup"> <div id="host-setup">
<tr>
<td colspan="3">
#!string!message_0146!#"
</td>
</tr>
<tr>
<td colspan="3">
<input type="radio" name="type" value="node" id="node" class="radio" #!variable!node_checked!#> #!string!message_0116!#" <br />
<input type="radio" name="type" value="dr" id="dr" class="radio" #!variable!dr_checked!#> #!string!message_0117!#"
</td>
</tr>
<tr>
<td colspan="3">
&nbsp;
</td>
</tr>
<tr>
<td colspan="3">
#!string!message_0147!#"
</td>
</tr>
<tr> <tr>
<td> <td>
<input type="text" name="ip_address" id="ip_address" value="#!variable!ip_address!#" autocomplete="off" placeholder="#!string!striker_0024!#" /> <input type="text" name="host_ip_address" id="host_ip_address" value="#!variable!ip_address!#" placeholder="#!string!striker_0024!#" />
</td> </td>
<td> <td>
&nbsp; &nbsp;
</td> </td>
<td> <td>
<input type="password" name="password" id="password" value="#!variable!password!#" autocomplete="off" placeholder="#!string!striker_0051!#" /> <!--
This combination of input type text, disk characters and autocomplete=off prevents browsers from pre-filling password and offering to save passwords.
-->
<input type="text" name="host_password" id="host_password" value="#!variable!password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!striker_0051!#" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td colspan="3"> <td colspan="3">
<input type="radio" name="type" value="node" id="node" class="radio" #!variable!node_checked!#> #!string!message_0116!#" <br /> &nbsp;
<input type="radio" name="type" value="dr" id="dr" class="radio" #!variable!dr_checked!#> #!string!message_0117!#" </td>
</tr>
<tr>
<td colspan="3">
#!string!message_0148!#"
</td> </td>
</tr> </tr>
<tr> <tr>
@ -99,12 +127,17 @@
&nbsp; &nbsp;
</td> </td>
<td> <td>
<input type="password" name="rh_password" id="rh_password" value="#!variable!rh_password!#" placeholder="#!string!message_0145!#" /> <input type="text" name="rh_password" id="rh_password" value="#!variable!rh_password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!message_0145!#" />
</td>
</tr>
<tr>
<td colspan="3">
&nbsp;
</td> </td>
</tr> </tr>
<tr> <tr>
<td colspan="3"> <td colspan="3">
<input type="submit" name="login" id="login" class="button" value="#!string!striker_0049!#"> <input type="submit" name="connect" id="connect" class="button" value="#!string!striker_0049!#">
</td> </td>
</tr> </tr>
</div> </div>
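Review bot: Switching `host_password` and, in the second hunk, `rh_password` from `type="password"` to `type="text"` masked only by `text-security`/`-webkit-text-security` means the secret is shown in clear text in any browser that does not implement that non-standard property, and the field loses the handling browsers reserve for password inputs (text inputs can be subject to spell-check, form history and keyboard learning). Consider keeping `type="password"` and discouraging pre-fill with `autocomplete="new-password"`, e.g. `<input type="password" name="host_password" id="host_password" autocomplete="new-password" placeholder="#!string!striker_0051!#" />`. Both fields also echo the submitted secret back through `value="#!variable!password!#"` and `value="#!variable!rh_password!#"`, which places it in the page source; leaving `value` empty avoids that. The renamed fields (`host_ip_address`, `host_password`, `connect`) need matching changes in the form handler, which is not shown on this page.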

@ -250,6 +250,9 @@ About to try to download aproximately: [#!variable!packages!#] packages needed t
<key name="message_0143">The zone: [#!variable!zone!#]'s user-land file: [#!variable!file!#] exists. Skipping checking the configuration of this zone.</key> <key name="message_0143">The zone: [#!variable!zone!#]'s user-land file: [#!variable!file!#] exists. Skipping checking the configuration of this zone.</key>
<key name="message_0144">Red Hat user</key> <key name="message_0144">Red Hat user</key>
<key name="message_0145">Red Hat password</key> <key name="message_0145">Red Hat password</key>
<key name="message_0146">What kind of machine will this host be?</key>
<key name="message_0147"><![CDATA[What is the host's <b>current</b> IP address and password?]]></key>
<key name="message_0148"><![CDATA[(Optional); If this is a RHEL 8 host and has not yet been subscribed,<br />you can enter your Red Hat subscription credentials below.<br />If needed, the host will be subscribed during setup.]]></key>
<!-- Log entries --> <!-- Log entries -->
<key name="log_0001">Starting: [#!variable!program!#].</key> <key name="log_0001">Starting: [#!variable!program!#].</key>
