XWIKI-9017 : Possibility to see passwords hash in document history #92
Conversation
| @@ -52,6 +52,8 @@ $escapedChunk## | |||
| <dt>$propertyDisplay</dt> | |||
| #if ("$!diff.propType" == 'TextArea') | |||
| <dd>#unifiedDiff($diff.prevValue $diff.newValue)</dd> | |||
| #elseif($diff.propType == 'Password' || ($diff.getClassName() == 'XWiki.XWikiUsers' && $propertyDisplay == 'e-Mail')) | |||
There was a problem hiding this comment.
$propertyDisplay is not something stable, since it can be translated, and in other languages it might look different.
Why not check if $diff.propType == 'Email'? That's a new type of field, and the XWikiUsers class should be updated to use it, if it didn't happen already.
There was a problem hiding this comment.
You're right. I wasn't aware of the Email type, it's a good idea :)
…king for Email propType instead of using the display name.
| @@ -52,6 +52,8 @@ $escapedChunk## | |||
| <dt>$propertyDisplay</dt> | |||
| #if ("$!diff.propType" == 'TextArea') | |||
| <dd>#unifiedDiff($diff.prevValue $diff.newValue)</dd> | |||
| #elseif($diff.propType == 'Password' || ($diff.getClassName() == 'XWiki.XWikiUsers' && $diff.propType == 'Email')) | |||
There was a problem hiding this comment.
I wonder if the getClassName condition is necessary. Shouldn't all emails be hidden?
There was a problem hiding this comment.
I'm not sure we should always hide them : in others cases than users profiles, I guess these emails would be most of the time public ones. Perhaps we should rather add a field in the email property metaclass to let admins choose whether a given email field should be hidden or not ?
There was a problem hiding this comment.
Don't forget to change the email type in the XWiki.XWikiUsers class: https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/internal/mandatory/XWikiUsersDocumentInitializer.java#L87
XWIKI-9017: Possibility to see passwords hash in document history
No description provided.