This repository has been archived by the owner on Jul 24, 2018. It is now read-only.

OC 6.0.0 When sharing WebODF documents by link and e-mail with password: password input is visible (DON'T DO THAT) #165

Closed
Wikinaut opened this issue Dec 12, 2013 · 6 comments

Comments

@Wikinaut
Contributor

(originally filed as owncloud/core#6368, now closed there.)

OC 6.0.0 When sharing WebODF documents by link and e-mail with password: password input is visible (DON'T DO THAT)

No milestone
No one is assigned

When you as user Alice share - this is one of the new features of OC 6 - an ODT document with Bob and send a mail with a hash link and password to Bob,

Bob visits that link and is prompted to enter the password.

Bug:

The input of the password is not hidden; it is visible in clear text, which can be dangerous in public environments. Please fix this, it is probably only a matter of adding type="password" to the input tag.

Pull request coming soon.

@Wikinaut
Contributor Author

fixed in 0d9a73d

@menelic

menelic commented Dec 13, 2013

When will this be included in the documents app? And how can I get a secure but stable pre-release version in case this takes longer? Sorry for the end-user question but I am using the app for collaboration so I am concerned about the security implications of this. Please let me know, thanks!

@Wikinaut
Contributor Author

@menelic hi, until this tiny fix 0d9a73d is actually backported (or ported) to the distribution files, you can easily(!) apply this change manually, the full filename is

/your-server/owncloud/apps/documents/template/public.php

change

- <input type="text" name="password" placeholder="<?php p($l->t('Password')) ?>" />
+ <input type="password" name="password" placeholder="<?php p($l->t('Password')) ?>" />
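
Review bot: The `+` line masks the field but still sets no `autocomplete` attribute on the password input; since the report is about use in public environments, consider adding `autocomplete="off"` so a shared browser is less inclined to offer saving or prefilling the share password. The hunk shows only this one `<input>`, so it is also worth confirming that no other text-type password field remains elsewhere in the same template.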

@Wikinaut
Contributor Author

I propose that this fix is backported to 6.0.0

@Wikinaut Wikinaut reopened this Dec 13, 2013
karlitschek pushed a commit that referenced this issue Dec 13, 2013
@karlitschek

backported a22b358

@karlitschek

backported
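
A regression check for the defect fixed in this thread, as an added example that is not part of the original issue or of the ownCloud code: it scans template text for `<input>` tags whose name suggests a password but whose type renders typed characters visibly. The function names, the name pattern and the sample form wrapper are assumptions; the two `<input>` variants are the before/after lines quoted in the thread.

```python
import re

# One <input ...> tag. Quoted attribute values are consumed as a unit, so an
# embedded <?php ... ?> inside a placeholder does not end the tag early.
INPUT_TAG = re.compile(r'<input\b((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>', re.I)
ATTR = re.compile(r'([\w:-]+)(?:\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+)))?')
# Assumed naming convention for secret fields (not taken from the project).
SECRET_NAME = re.compile(r'passw(?:or)?d|passphrase', re.I)
# Input types that echo typed characters on screen.
VISIBLE_TYPES = {"text", "search", "email", "url", "tel"}


def parse_attrs(raw):
    """Return the attributes of one tag as a dict with lowercase keys."""
    attrs = {}
    for m in ATTR.finditer(raw):
        value = next((g for g in m.groups()[1:] if g is not None), "")
        attrs.setdefault(m.group(1).lower(), value)
    return attrs


def find_unmasked_password_inputs(template_text):
    """Return (line_number, tag) for secret-named inputs shown in clear text."""
    findings = []
    for m in INPUT_TAG.finditer(template_text):
        attrs = parse_attrs(m.group(1))
        field = attrs.get("name") or attrs.get("id", "")
        # A missing type attribute defaults to "text", so it is flagged too.
        input_type = attrs.get("type", "text").strip().lower()
        if SECRET_NAME.search(field) and input_type in VISIBLE_TYPES:
            line = template_text.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0)))
    return findings


# Constructed sample: the <form> wrapper is made up; the password <input>
# is the "-" line from the thread, and AFTER applies the "+" line's change.
BEFORE = '''<form method="post">
    <input type="text" name="password" placeholder="<?php p($l->t('Password')) ?>" />
    <input type="submit" value="OK" />
</form>'''
AFTER = BEFORE.replace('type="text" name="password"', 'type="password" name="password"')

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_unmasked_password_inputs(text))
```

Run over every template in a checkout, a non-empty result is a candidate for the same one-attribute fix.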
