Skip to content
Permalink
Browse files

Hide password values from visible HTML in the Advanced Config page

Fixes issue #228
  • Loading branch information...
luccioman committed Sep 21, 2018
1 parent 75b9cd5 commit c409ec089c39e0adad5a2d63e1a9bb69688de19c
Showing with 15 additions and 4 deletions.
  1. +10 −3 htroot/ConfigProperties_p.html
  2. +5 −1 htroot/ConfigProperties_p.java
@@ -9,8 +9,15 @@
<script type="text/javascript">
<!--
function element_clicked(element){
document.getElementById("key").value=element.id.substring(1);
document.getElementById("value").value=element.value;
var key = element.id.substring(1);
document.getElementById("key").value = key;
var valueField = document.getElementById("value");
if(key.endsWith("Password")) {
valueField.type = "password";
} else {
valueField.type = "text";
}
valueField.value=element.value;
}
function filterList(){
list=document.getElementsByName("options")[0];
@@ -51,7 +58,7 @@ <h2>Advanced Config</h2>
</p>
<select name="options" size="36" style="width: 600px">
#{options}#
<option id="k#[key]#" value="#[value]#" onclick="element_clicked(this)">#[key]#: #[value]#</option>
<option id="k#[key]#" value="#[value]#" onclick="element_clicked(this)">#[key]#: #[visibleValue]#</option>
#{/options}#
</select><br />
<form action="ConfigProperties_p.html" method="post" accept-charset="UTF-8">
@@ -82,7 +82,11 @@ public static serverObjects respond(final RequestHeader header, final serverObje
// only display lines if they are no commment
if (!key.startsWith("#")) {
prop.putHTML("options_" + count + "_key", key);
prop.putHTML("options_" + count + "_value", env.getConfig(key, "ERROR"));
value = env.getConfig(key, "ERROR");
prop.putHTML("options_" + count + "_value", value);
/* Hide password values from visible text */
prop.putHTML("options_" + count + "_visibleValue",
key.endsWith("Password") ? value.replaceAll("\\S", "*") : value);
count++;
}
}

0 comments on commit c409ec0

Please sign in to comment.
You can’t perform that action at this time.