Commit d654ff6d authored by webchick's avatar webchick

#690980 by Dave Reid, grendzy, cwgordon7: Security hardening: Ensure password...

#690980 by Dave Reid, grendzy, cwgordon7: Security hardening: Ensure password fields are empty on display.
parent d21d6401
......@@ -3724,7 +3724,7 @@ function theme_textarea($variables) {
function theme_password($variables) {
$element = $variables['element'];
$element['#attributes']['type'] = 'password';
element_set_attributes($element, array('id', 'name', 'value', 'size', 'maxlength'));
element_set_attributes($element, array('id', 'name', 'size', 'maxlength'));
_form_set_class($element, array('form-text'));
return '<input' . drupal_attributes($element['#attributes']) . ' />';
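Review bot: A `value` key set directly in `$element['#attributes']` would still be printed by the `return` line, because removing `'value'` from the `element_set_attributes()` list only stops the element's `#value` from being copied in. Adding `unset($element['#attributes']['value']);` just before the `return` would make the empty-password guarantee unconditional. A short comment on the call, such as `// 'value' is deliberately omitted: a password must never be echoed back into the page.`, would also keep the key from being re-added later. This assumes `element_set_attributes()` maps only the listed properties, which is not visible in the hunk.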
......
......@@ -406,6 +406,7 @@ class UserLoginTestCase extends DrupalWebTestCase {
'pass' => $account->pass_raw,
);
$this->drupalPost('user', $edit, t('Log in'));
$this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, t('Password value attribute is blank.'));
if (isset($flood_trigger)) {
if ($flood_trigger == 'user') {
$this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
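Review bot: The added `assertNoFieldByXPath()` line passes vacuously when the response contains no `pass` input at all, so it cannot tell "field rendered empty" from "login form not rendered". Pairing it with a positive check, for example `$this->assertFieldByXPath("//input[@name='pass']", NULL, t('Password field is present.'));`, would pin the case the commit is hardening. The XPath also matches only the field named `pass`, so other password inputs that go through `theme_password()` are not exercised by this test. The enclosing test method starts and ends outside the hunk, so whether the form is always redisplayed at this point cannot be confirmed from here.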
......