Skip to content

Commit 8156a74

Browse files
author
miigotu
authored
Hide passwords in plain html, for when SR is not password protected (#4361)
* Hide passwords in plain html, for when SR is not password protected * XMLEscape parameter values sent as GET or POST
1 parent ffa8398 commit 8156a74

9 files changed

+172
-120
lines changed

Diff for: gui/slick/views/config_anime.mako

+5-4
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
<%inherit file="/layouts/config.mako"/>
22
<%!
33
import sickbeard
4+
from sickbeard.filters import hide
45
from sickbeard.helpers import anon_url
56
%>
67

@@ -67,10 +68,10 @@
6768
<div class="col-lg-9 col-md-9 col-sm-8 col-xs-12 pull-right">
6869
<div class="row">
6970
<div class="col-md-12">
70-
<input type="password" name="anidb_password" id="anidb_password"
71-
value="${sickbeard.ANIDB_PASSWORD}"
72-
class="form-control input-sm input350 pull-left" autocomplete="no"
73-
autocapitalize="off" title="Password"/>
71+
<input
72+
type="password" name="anidb_password" id="anidb_password" value="${sickbeard.ANIDB_PASSWORD|hide}"
73+
class="form-control input-sm input350 pull-left" autocomplete="no" autocapitalize="off" title="Password"
74+
/>
7475
</div>
7576
</div>
7677
<div class="row">

Diff for: gui/slick/views/config_general.mako

+10-3
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
66
import sickbeard
77
from sickbeard.common import SKIPPED, ARCHIVED, IGNORED, statusStrings, cpu_presets
8+
from sickbeard.filters import hide
89
from sickbeard.sbdatetime import sbdatetime, date_presets, time_presets
910
from sickbeard.helpers import anon_url, LOCALE_NAMES
1011
@@ -702,7 +703,9 @@
702703
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
703704
<div class="row">
704705
<div class="col-md-12">
705-
<input type="password" name="web_password" id="web_password" value="${sickbeard.WEB_PASSWORD}" class="form-control input-sm input300" autocomplete="no" autocapitalize="off"/>
706+
<input
707+
type="password" name="web_password" id="web_password" value="${sickbeard.WEB_PASSWORD|hide}"
708+
class="form-control input-sm input300" autocomplete="no" autocapitalize="off"/>
706709
</div>
707710
</div>
708711
<div class="row">
@@ -1150,7 +1153,8 @@
11501153
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
11511154
<div class="row">
11521155
<div class="col-md-12">
1153-
<input type="password" name="git_password" id="git_password" value="${sickbeard.GIT_PASSWORD}" class="form-control input-sm input300" autocomplete="no" autocapitalize="off" />
1156+
<input type="password" name="git_password" id="git_password" value="${sickbeard.GIT_PASSWORD|hide}"
1157+
class="form-control input-sm input300" autocomplete="no" autocapitalize="off" />
11541158
</div>
11551159
</div>
11561160
<div class="row">
@@ -1170,7 +1174,10 @@
11701174
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
11711175
<div class="row">
11721176
<div class="col-md-12">
1173-
<input type="text" name="git_token" id="git_token" value="${sickbeard.GIT_TOKEN}" class="form-control input-sm input350" autocapitalize="off" autocomplete="no" />
1177+
<input
1178+
type="text" name="git_token" id="git_token" value="${sickbeard.GIT_TOKEN|hide}"
1179+
class="form-control input-sm input350" autocapitalize="off" autocomplete="no"
1180+
/>
11741181
% if not sickbeard.GIT_TOKEN:
11751182
<input class="btn btn-inline" type="button" id="create_access_token" value="${_('Generate Token')}">
11761183
% else:

Diff for: gui/slick/views/config_notifications.mako

+24-6
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
<%inherit file="/layouts/config.mako"/>
22
<%!
3-
import sickbeard
43
import re
4+
import sickbeard
5+
from sickbeard.filters import hide
56
from sickbeard.helpers import anon_url
67
%>
78

@@ -159,7 +160,10 @@
159160
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
160161
<div class="row">
161162
<div class="col-md-12">
162-
<input type="password" name="kodi_password" id="kodi_password" value="${sickbeard.KODI_PASSWORD}" class="form-control input-sm input250" autocomplete="no" autocapitalize="off" />
163+
<input
164+
type="password" name="kodi_password" id="kodi_password" value="${sickbeard.KODI_PASSWORD|hide}"
165+
class="form-control input-sm input250" autocomplete="no" autocapitalize="off"
166+
/>
163167
</div>
164168
</div>
165169
<div class="row">
@@ -264,7 +268,11 @@
264268
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
265269
<div class="row">
266270
<div class="col-md-12">
267-
<input type="password" name="plex_server_password" id="plex_server_password" value="${'*' * len(sickbeard.PLEX_SERVER_PASSWORD)}" class="form-control input-sm input250" autocomplete="no" autocapitalize="off" />
271+
<input
272+
type="password" name="plex_server_password" id="plex_server_password"
273+
value="${sickbeard.PLEX_SERVER_PASSWORD|hide}" class="form-control input-sm input250"
274+
autocomplete="no" autocapitalize="off"
275+
/>
268276
</div>
269277
</div>
270278
<div class="row">
@@ -431,7 +439,11 @@
431439
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
432440
<div class="row">
433441
<div class="col-md-12">
434-
<input type="password" name="plex_client_password" id="plex_client_password" value="${'*' * len(sickbeard.PLEX_CLIENT_PASSWORD)}" class="form-control input-sm input250" autocomplete="no" autocapitalize="off" />
442+
<input
443+
type="password" name="plex_client_password" id="plex_client_password"
444+
value="${sickbeard.PLEX_CLIENT_PASSWORD|hide}" class="form-control input-sm input250"
445+
autocomplete="no" autocapitalize="off"
446+
/>
435447
</div>
436448
</div>
437449
<div class="row">
@@ -1092,7 +1104,10 @@
10921104
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
10931105
<div class="row">
10941106
<div class="col-md-12">
1095-
<input type="password" name="growl_password" id="growl_password" value="${sickbeard.GROWL_PASSWORD}" class="form-control input-sm input250" autocomplete="no" autocapitalize="off" />
1107+
<input
1108+
type="password" name="growl_password" id="growl_password" value="${sickbeard.GROWL_PASSWORD|hide}"
1109+
class="form-control input-sm input250" autocomplete="no" autocapitalize="off"
1110+
/>
10961111
</div>
10971112
</div>
10981113
<div class="row">
@@ -3009,7 +3024,10 @@
30093024
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
30103025
<div class="row">
30113026
<div class="col-md-12">
3012-
<input type="password" name="email_password" id="email_password" value="${sickbeard.EMAIL_PASSWORD}" class="form-control input-sm input250" autocomplete="no" autocapitalize="off" />
3027+
<input
3028+
type="password" name="email_password" id="email_password" value="${sickbeard.EMAIL_PASSWORD|hide}"
3029+
class="form-control input-sm input250" autocomplete="no" autocapitalize="off"
3030+
/>
30133031
</div>
30143032
</div>
30153033
<div class="row">

Diff for: gui/slick/views/config_providers.mako

+18-14
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
<%inherit file="/layouts/config.mako"/>
22
<%!
33
import sickbeard
4+
from sickbeard.filters import hide
45
from sickbeard.helpers import anon_url
56
from sickrage.providers.GenericProvider import GenericProvider
67
%>
@@ -428,10 +429,11 @@
428429
<label class="component-title">${_('Password')}</label>
429430
</div>
430431
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
431-
<input type="password" name="${curTorrentProvider.get_id()}_password"
432-
id="${curTorrentProvider.get_id()}_password"
433-
value="${curTorrentProvider.password | h}" class="form-control input-sm input350"
434-
autocomplete="no" autocapitalize="off"/>
432+
<input
433+
type="password" name="${curTorrentProvider.get_id()}_password"
434+
id="${curTorrentProvider.get_id()}_password" value="${curTorrentProvider.password|hide}"
435+
class="form-control input-sm input350" autocomplete="no" autocapitalize="off"
436+
/>
435437
</div>
436438
</div>
437439
% endif
@@ -442,10 +444,10 @@
442444
<label class="component-title">${_('Passkey')}</label>
443445
</div>
444446
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
445-
<input type="text" name="${curTorrentProvider.get_id()}_passkey"
446-
id="${curTorrentProvider.get_id()}_passkey"
447-
value="${curTorrentProvider.passkey}" class="form-control input-sm input350"
448-
autocapitalize="off"/>
447+
<input
448+
type="text" name="${curTorrentProvider.get_id()}_passkey" id="${curTorrentProvider.get_id()}_passkey"
449+
value="${curTorrentProvider.passkey|hide}" class="form-control input-sm input350" autocapitalize="off"
450+
/>
449451
</div>
450452
</div>
451453
% endif
@@ -484,10 +486,11 @@
484486
<label class="component-title">${_('Pin')}</label>
485487
</div>
486488
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
487-
<input type="password" name="${curTorrentProvider.get_id()}_pin"
488-
id="${curTorrentProvider.get_id()}_pin" value="${curTorrentProvider.pin}"
489-
class="form-control input-sm input100" autocomplete="no"
490-
autocapitalize="off"/>
489+
<input
490+
type="password" name="${curTorrentProvider.get_id()}_pin"
491+
id="${curTorrentProvider.get_id()}_pin" value="${curTorrentProvider.pin|hide}"
492+
class="form-control input-sm input100" autocomplete="no" autocapitalize="off"
493+
/>
491494
</div>
492495
</div>
493496
% endif
@@ -781,8 +784,9 @@
781784
<div class="col-lg-9 col-md-8 col-sm-7 col-xs-12 component-desc">
782785
<div class="row">
783786
<div class="col-md-12">
784-
<input type="password" id="newznab_key"
785-
class="form-control input-sm input350" autocapitalize="off"/>
787+
<input
788+
type="password" id="newznab_key" class="form-control input-sm input350" autocapitalize="off"
789+
/>
786790
</div>
787791
</div>
788792
<div class="row">

0 commit comments

Comments
 (0)