You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 24, 2018. It is now read-only.
OC 6.0.0 When sharing WebODF documents by link and e-mail with password: password input is visible (DON'T DO THAT)
No milestone
No one is assigned
When you as user Alice share - this is one of the new features of OC 6 - an ODT document with Bob and send a mail with a hash link and password to Bob,
Bob visits that link and is prompted to enter the password.
Bug:
The input of the password is not hidden it is visible in clear text, which can be dangerous in public environments. Please fix this, it is probably only a matter of adding type="password" to the input tag.
Pull request coming soon.
The text was updated successfully, but these errors were encountered:
When will this be included in the documents app?And how can I get a secure but stable pre-release version in case this takes longer? Sorry for the end-user question but I am using the app for collaboration so I am concerned about the security implications of this. Please let me know, thanks!
@menelic hi, until this tiny fix 0d9a73d is actually backported (or ported) to the distribution files, you can easily(!) apply this change manually, the full filename is
(originally filed as owncloud/core#6368, now closed there.)
OC 6.0.0 When sharing WebODF documents by link and e-mail with password: password input is visible (DON'T DO THAT)
No milestone
No one is assigned
When you as user Alice share - this is one of the new features of OC 6 - an ODT document with Bob and send a mail with a hash link and password to Bob,
Bob visits that link and is prompted to enter the password.
Bug:
The input of the password is not hidden it is visible in clear text, which can be dangerous in public environments. Please fix this, it is probably only a matter of adding type="password" to the input tag.
Pull request coming soon.
The text was updated successfully, but these errors were encountered: