recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add autocomplete=off to all non-login password forms

Summary: Fixes T5579. Modern browsers aggressively autofill credentials, but at least Firefox still behaves slightly better with this flag. Hopefully other browsers will follow suit.

Test Plan: Browsed various interfaces, verifying that login interfaces allow autocomplete while non-login interfaces do not.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5579

Differential Revision: https://secure.phabricator.com/D10253

epriestley bcdadf59 a5d24609

+29 -11
+1
src/applications/auth/provider/PhabricatorLDAPAuthProvider.php
··· 388 388 ->setName($key) 389 389 ->setLabel($label) 390 390 ->setCaption($caption) 391 + ->setDisableAutocomplete(true) 391 392 ->setValue($value); 392 393 break; 393 394 case 'textarea':
+3 -2
src/applications/auth/provider/PhabricatorOAuthAuthProvider.php
··· 113 113 $form 114 114 ->appendChild( 115 115 id(new AphrontFormTextControl()) 116 - ->setLabel($id_label) 116 + ->setLabel($id_label) 117 117 ->setName($key_id) 118 118 ->setValue($v_id) 119 119 ->setError($e_id)) 120 120 ->appendChild( 121 121 id(new AphrontFormPasswordControl()) 122 - ->setLabel($secret_label) 122 + ->setLabel($secret_label) 123 + ->setDisableAutocomplete(true) 123 124 ->setName($key_secret) 124 125 ->setValue($v_secret) 125 126 ->setError($e_secret))
+3
src/applications/diffusion/panel/DiffusionSetPasswordPanel.php
··· 125 125 $form 126 126 ->appendChild( 127 127 id(new AphrontFormPasswordControl()) 128 + ->setDisableAutocomplete(true) 128 129 ->setLabel(pht('Current Password')) 129 130 ->setDisabled(true) 130 131 ->setValue('********************')); ··· 139 140 $form 140 141 ->appendChild( 141 142 id(new AphrontFormPasswordControl()) 143 + ->setDisableAutocomplete(true) 142 144 ->setName('password') 143 145 ->setLabel(pht('New VCS Password')) 144 146 ->setError($e_password)) 145 147 ->appendChild( 146 148 id(new AphrontFormPasswordControl()) 149 + ->setDisableAutocomplete(true) 147 150 ->setName('confirm') 148 151 ->setLabel(pht('Confirm VCS Password')) 149 152 ->setError($e_confirm))
+1
src/applications/passphrase/controller/PassphraseCredentialEditController.php
··· 276 276 if ($type->shouldShowPasswordField()) { 277 277 $form->appendChild( 278 278 id(new AphrontFormPasswordControl()) 279 + ->setDisableAutocomplete(true) 279 280 ->setName('password') 280 281 ->setLabel($type->getPasswordLabel()) 281 282 ->setDisabled($credential_is_locked)
+2 -1
src/applications/passphrase/credentialtype/PassphraseCredentialTypePassword.php
··· 27 27 } 28 28 29 29 public function newSecretControl() { 30 - return new AphrontFormPasswordControl(); 30 + return id(new AphrontFormPasswordControl()) 31 + ->setDisableAutocomplete(true); 31 32 } 32 33 33 34 }
+9 -8
src/applications/people/controller/PhabricatorPeopleLdapController.php
··· 16 16 ->setUser($admin) 17 17 ->appendChild( 18 18 id(new AphrontFormTextControl()) 19 - ->setLabel(pht('LDAP username')) 20 - ->setName('username')) 19 + ->setLabel(pht('LDAP username')) 20 + ->setName('username')) 21 21 ->appendChild( 22 22 id(new AphrontFormPasswordControl()) 23 - ->setLabel(pht('Password')) 24 - ->setName('password')) 23 + ->setDisableAutocomplete(true) 24 + ->setLabel(pht('Password')) 25 + ->setName('password')) 25 26 ->appendChild( 26 27 id(new AphrontFormTextControl()) 27 - ->setLabel(pht('LDAP query')) 28 - ->setCaption(pht('A filter such as (objectClass=*)')) 29 - ->setName('query')) 28 + ->setLabel(pht('LDAP query')) 29 + ->setCaption(pht('A filter such as (objectClass=*)')) 30 + ->setName('query')) 30 31 ->appendChild( 31 32 id(new AphrontFormSubmitControl()) 32 - ->setValue(pht('Search'))); 33 + ->setValue(pht('Search'))); 33 34 34 35 $panel = id(new AphrontPanelView()) 35 36 ->setHeader(pht('Import LDAP Users'))
+2
src/applications/settings/panel/PhabricatorSettingsPanelPassword.php
··· 155 155 $form 156 156 ->appendChild( 157 157 id(new AphrontFormPasswordControl()) 158 + ->setDisableAutocomplete(true) 158 159 ->setLabel(pht('New Password')) 159 160 ->setError($e_new) 160 161 ->setName('new_pw')); 161 162 $form 162 163 ->appendChild( 163 164 id(new AphrontFormPasswordControl()) 165 + ->setDisableAutocomplete(true) 164 166 ->setLabel(pht('Confirm Password')) 165 167 ->setCaption($len_caption) 166 168 ->setError($e_conf)
+8
src/view/form/control/AphrontFormPasswordControl.php
··· 2 2 3 3 final class AphrontFormPasswordControl extends AphrontFormControl { 4 4 5 + private $disableAutocomplete; 6 + 7 + public function setDisableAutocomplete($disable_autocomplete) { 8 + $this->disableAutocomplete = $disable_autocomplete; 9 + return $this; 10 + } 11 + 5 12 protected function getCustomControlClass() { 6 13 return 'aphront-form-control-password'; 7 14 } ··· 14 21 'name' => $this->getName(), 15 22 'value' => $this->getValue(), 16 23 'disabled' => $this->getDisabled() ? 'disabled' : null, 24 + 'autocomplete' => ($this->disableAutocomplete ? 'off' : null), 17 25 'id' => $this->getID(), 18 26 )); 19 27 }