diff options
| author | Fred Thomsen <fredthomsen@fredthomsen.net> | 2013-01-01 15:54:58 -0500 |
|---|---|---|
| committer | Paul Arthur <flowerysong00@yahoo.com> | 2013-01-15 12:27:03 -0500 |
| commit | 15ddcc3448c97748897a28dc62862d729e5f0255 (patch) | |
| tree | 4fe68706b9f7566c28e9e3bd2c6e7c7981fe6a7e | |
| parent | e2ca05d5b419944adb3723ab0253c7c35418a0e4 (diff) | |
| download | ampache-15ddcc3448c97748897a28dc62862d729e5f0255.tar.gz ampache-15ddcc3448c97748897a28dc62862d729e5f0255.tar.bz2 ampache-15ddcc3448c97748897a28dc62862d729e5f0255.zip | |
Always output masked password
Previously, users who didn't have access to modify the password were
shown the actual current setting instead of asterisks.
| -rwxr-xr-x | docs/CHANGELOG | 2 | ||||
| -rw-r--r-- | lib/preferences.php | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index a839d76a..c333ca9b 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3.6-FUTURE + - Fixed bug that disclosed passwords for plugins to users that didn't + have access to update the password (patch by Fred Thomsen) - Fixed streaming on Android devices and anything else that expects to be able to pass a playlist URL to an application and have it work - Removed the SHOUTcast localplay controller diff --git a/lib/preferences.php b/lib/preferences.php index 4f9a26b9..d13cdb71 100644 --- a/lib/preferences.php +++ b/lib/preferences.php @@ -142,7 +142,12 @@ function create_preference_input($name,$value) { echo "Disabled"; } else { - echo $value; + if (preg_match('/_pass$/', $name)) { + echo "******"; + } + else { + echo $value; + } } return; } // if we don't have access to it |