Project

General

Profile

Actions

Bug #69153

closed

Password in form is transferred as asterisks to TYPO3

Added by Olaf Döring over 9 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
Start date:
2015-08-18
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:
Remote Sprint

Description

Testing with current 3.0.2-dev and TYPO3 7.4 the password for connecting to the LDAP-Server is stored as "********" in database.

Changing it directly in database to the correct password will work and password will be kept correctly if you do not change it.

Changing the Password in Backend-Form will also store "********" in Database.

Testet in Chrome and Internet Explorer 11. Perhaps it is an TYPO3 7.4 issue.

Actions #1

Updated by Xavier Perseguers about 9 years ago

  • Status changed from New to Accepted
Actions #2

Updated by Xavier Perseguers about 9 years ago

Post request contains the asterisks:

------WebKitFormBoundary8dsJqzTTfI8XX6Lg
Content-Disposition: form-data; name="data[tx_igldapssoauth_config][3][ldap_password]_hr" 

********
------WebKitFormBoundary8dsJqzTTfI8XX6Lg
Content-Disposition: form-data; name="data[tx_igldapssoauth_config][3][ldap_password]" 

********
------WebKitFormBoundary8dsJqzTTfI8XX6Lg
Actions #3

Updated by Xavier Perseguers about 9 years ago

  • Project changed from 614 to TYPO3 Core
  • Subject changed from Password not written to database to Password in form is transferred as asterisks to TYPO3
  • Target version set to 7.5
  • PHP Version set to 5.6
  • Is Regression set to Yes
  • Sprint Focus set to Remote Sprint

How to reproduce

E.g., with EXT:ig_ldap_sso_auth, trying to create a standard record of type LDAP/SSO configuration.

Symptom

The Bind Password (second tab) cannot be saved, it is systematically converted to '*********' both in main field and in human readable one (_hr suffix in FormEngine).

Analysis

The faulty value is put into fields when the password field looses the focus, turning password into garberish but not storing the plain text (real) password either, making it impossible to retrieve it at a later stage and thus effectively persisting '*********' to the database.

Actions #4

Updated by Gerrit Code Review about 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42858

Actions #5

Updated by Xavier Perseguers about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #6

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF