From d7da9074b2f9be278591281bb6edf398009e2f66 Mon Sep 17 00:00:00 2001
From: Nicole Cordes <typo3@cordes.co>
Date: Sat, 26 Sep 2015 14:26:19 +0200
Subject: [PATCH] [BUGFIX] Encrypt hidden field with rsaauth

Instead of encrypting the visible field, the value of
the hidden field for rsa input fields have to be encrypted.

Resolves: #70118
Releases: master
Change-Id: I369a81d8168cda33097c4e1d3a0b86d96503e4bc
Reviewed-on: http://review.typo3.org/43581
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
 typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php b/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
index eb7f866f3179..d160965a5414 100644
--- a/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
+++ b/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
@@ -47,7 +47,6 @@ class RsaInputElement extends AbstractFormElement {
 		$classes = array();
 		$attributes = array(
 			'type' => 'text',
-			'data-rsa-encryption' => $parameterArray['itemFormElID'] . '_hidden',
 			'value' => '',
 		);
 
@@ -138,7 +137,7 @@ class RsaInputElement extends AbstractFormElement {
 			. $parameterArray['onFocus'] . ' />';
 
 		// This is the ACTUAL form field - values from the EDITABLE field must be transferred to this field which is the one that is written to the database.
-		$html .= '<input type="hidden" id="' . $parameterArray['itemFormElID'] . '_hidden" name="' . $parameterArray['itemFormElName'] . '" value="' . htmlspecialchars($parameterArray['itemFormElValue']) . '" />';
+		$html .= '<input type="hidden" data-rsa-encryption="" id="' . $parameterArray['itemFormElID'] . '_hidden" name="' . $parameterArray['itemFormElName'] . '" value="' . htmlspecialchars($parameterArray['itemFormElValue']) . '" />';
 
 		// Going through all custom evaluations configured for this field
 		// @todo: Similar to above code!
-- 
GitLab