Permalink
Browse files

FIX: ConfirmedPasswordField used to expose existing hash

  • Loading branch information...
1 parent 6bc9cfe commit f2c4a629a731123b097790d361ebbac84989e46a Hamish Friedlander committed with mateusz Jun 20, 2013
Showing with 24 additions and 1 deletion.
  1. +4 −1 forms/ConfirmedPasswordField.php
  2. +20 −0 tests/forms/ConfirmedPasswordFieldTest.php
@@ -192,7 +192,10 @@ public function setChildrenTitles($titles) {
/**
* Value is sometimes an array, and sometimes a single value, so we need to handle both cases
*/
- public function setValue($value) {
+ public function setValue($value, $data = null) {
+ // If $data is a DataObject, don't use the value, since it's a hashed value
+ if ($data && $data instanceof DataObject) $value = '';
+
if(is_array($value)) {
if($value['_Password'] || (!$value['_Password'] && !$this->canBeEmpty)) {
$this->value = $value['_Password'];
@@ -15,6 +15,26 @@ public function testSetValue() {
$this->assertEquals('valueB', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
}
+ public function testHashHidden() {
+ $field = new ConfirmedPasswordField('Password', 'Password', 'valueA');
+ $field->setCanBeEmpty(true);
+
+ $this->assertEquals('valueA', $field->Value());
+ $this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
+ $this->assertEquals('valueA', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
+
+ $member = new Member();
+ $member->Password = "valueB";
+ $member->write();
+
+ $form = new Form($this, 'Form', new FieldList($field), new FieldList());
+ $form->loadDataFrom($member);
+
+ $this->assertEquals('', $field->Value());
+ $this->assertEquals('', $field->children->fieldByName($field->getName() . '[_Password]')->Value());
+ $this->assertEquals('', $field->children->fieldByName($field->getName() . '[_ConfirmPassword]')->Value());
+ }
+
public function testSetShowOnClick() {
//hide by default and display show/hide toggle button
$field = new ConfirmedPasswordField('Test', 'Testing', 'valueA', null, true);

0 comments on commit f2c4a62

Please sign in to comment.