From e36479d759742f905eb223926375c745988777ba Mon Sep 17 00:00:00 2001
From: Mads Jensen <mlj@systime.dk>
Date: Sat, 25 Feb 2017 11:58:19 +0100
Subject: [PATCH] [BUGFIX] Don't update passwords if left untouched
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes a bug where editing a backend user record without updating the
password would result in the password being set to
the string literal "*********".

This reverts #79576 because the fix for showing the password hash in the readable
field was wrong and caused this bug.

Instead of forcing the database value in the hidden field to be asterisks,
we now correctly set the type of the human readable field to be password.

This triggers a special handling in the form engine JavaScript, not filling
the human readable field with the database value and switching to type text
when entering a new password.


Resolves: #79714
Reverts: #79576
Releases: master
Change-Id: Ia465293272131c32bbb9fd9b0d3916676e130996
Reviewed-on: https://review.typo3.org/51829
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mads Lønne Jensen <mlj@systime.dk>
Tested-by: Mads Lønne Jensen <mlj@systime.dk>
Reviewed-by: Anders Kostending <aha@systime.dk>
Reviewed-by: Faton Haliti <fha@systime.dk>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
---
 .../rsaauth/Classes/Form/Element/RsaInputElement.php     | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php b/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
index 1a405c096a6e..16989664e528 100644
--- a/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
+++ b/typo3/sysext/rsaauth/Classes/Form/Element/RsaInputElement.php
@@ -53,13 +53,18 @@ class RsaInputElement extends AbstractFormElement
         $resultArray = $this->initializeResultArray();
         $resultArray['requireJsModules'] = ['TYPO3/CMS/Rsaauth/RsaEncryptionModule'];
 
-        $itemValue = $parameterArray['itemFormElValue'] ? '*********' : '';
+        $itemValue = $parameterArray['itemFormElValue'];
         $config = $parameterArray['fieldConf']['config'];
         $size = MathUtility::forceIntegerInRange($config['size'] ?: $this->defaultInputWidth, $this->minimumInputWidth, $this->maxInputWidth);
         $evalList = GeneralUtility::trimExplode(',', $config['eval'], true);
         $width = (int)$this->formMaxWidth($size);
+        $isPasswordField = in_array('password', $evalList, true);
 
         if ($config['readOnly']) {
+            // Early return for read only fields
+            if ($isPasswordField) {
+                $itemValue = $itemValue ? '*********' : '';
+            }
             $html = [];
             $html[] = '<div class="formengine-field-item t3js-formengine-field-item">';
             $html[] =   '<div class="form-wizards-wrap">';
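Review bot: Masking of the stored value in the read-only branch now depends on `password` being in the field's `eval` list, whereas the removed line masked it unconditionally. A field rendered by this element without that eval would hand the raw `itemFormElValue` to the read-only markup, assuming the lines after this hunk print `$itemValue`. If this element is only meant for secrets, mask unconditionally inside the read-only branch: `$itemValue = $itemValue ? '*********' : '';`. The comment `// Early return for read only fields` also sits on the masking block rather than on the return; something like `// Read-only: never print the stored hash, show a fixed placeholder` would describe the lines it precedes. The read-only branch and the enclosing method continue outside the hunk.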
@@ -126,7 +131,7 @@ class RsaInputElement extends AbstractFormElement
         if (isset($config['autocomplete'])) {
             $attributes['autocomplete'] = empty($config['autocomplete']) ? 'new-' . $fieldName : 'on';
         }
-        if (in_array('password', $evalList)) {
+        if ($isPasswordField) {
             $attributes['type'] = 'password';
             $attributes['value'] = $itemValue ? '*********' : '';
             $attributes['autocomplete'] = 'new-' . $fieldName;
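Review bot: The placeholder `'*********'` is still written into the editable field's `value` here and is duplicated in the read-only branch of the first hunk. Per the commit message, this is the literal that ended up stored as the password. Keeping it out of the submitted data relies on the form engine JavaScript reacting to `type="password"`, which is not visible in this diff, so a comment such as `// Placeholder only: the form engine JS must not copy this value into the hidden field` would record that dependency. A single class constant, e.g. `const PASSWORD_PLACEHOLDER = '*********';`, would keep both sites in sync and give any server-side check one value to reject. The enclosing block starts and ends outside the hunk.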
-- 
GitLab