diff options
| author | Dries Buytaert <dries@buytaert.net> | 2006-01-24 10:15:03 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2006-01-24 10:15:03 +0000 |
| commit | 6f978a04f91dfc50f268e3c871c1a4205d6091ab (patch) | |
| tree | d8a6a28632a6d70ded3470676b81e8f046a6866e | |
| parent | 4c83a0347a2bb923953ef72f03e68c0488bfc555 (diff) | |
| download | brdo-6f978a04f91dfc50f268e3c871c1a4205d6091ab.tar.gz brdo-6f978a04f91dfc50f268e3c871c1a4205d6091ab.tar.bz2 | |
- Patch #45793 by chx: fixed bug in user.module that results in storing plain text passwords.
| -rw-r--r-- | includes/form.inc | 39 | ||||
| -rw-r--r-- | modules/system.module | 2 | ||||
| -rw-r--r-- | modules/system/system.module | 2 |
3 files changed, 25 insertions, 18 deletions
diff --git a/includes/form.inc b/includes/form.inc index a3771e702..8d98dc0ff 100644 --- a/includes/form.inc +++ b/includes/form.inc @@ -203,11 +203,13 @@ function _form_validate($elements, $form_id = NULL) { * edit[foo][bar] then you may pass either foo or foo][bar as $name * foo will set an error for all its children. */ -function form_set_error($name = NULL, $message = NULL) { +function form_set_error($name = NULL, $message = '') { static $form = array(); if (isset($name) && !isset($form[$name])) { $form[$name] = $message; - drupal_set_message($message, 'error'); + if ($message) { + drupal_set_message($message, 'error'); + } } return $form; } @@ -240,7 +242,7 @@ function form_get_error($element) { /** * Flag an element as having an error. */ -function form_error(&$element, $message) { +function form_error(&$element, $message = '') { $element['#error'] = TRUE; form_set_error(implode('][', $element['#parents']), $message); } @@ -274,6 +276,7 @@ function _form_builder($form_id, $form) { $edit = isset($edit[$parent]) ? $edit[$parent] : NULL; $ref =& $ref[$parent]; } + $form['#ref'] = &$ref; if (!isset($form['#value'])) { if ($posted) { if (isset($edit)) { @@ -342,7 +345,7 @@ function _form_builder($form_id, $form) { if (isset($form['#after_build']) && function_exists($form['#after_build']) && !isset($form['#after_build_done'])) { $function = $form['#after_build']; - $form = $function($form, $form_values, $ref); + $form = $function($form, $form_values); $form['#after_build_done'] = TRUE; } @@ -587,20 +590,23 @@ function theme_password_confirm($element) { } /** - * Build password_confirm element. + * Validate password_confirm element. */ -function password_confirm_after_build($form, $form_values, &$ref) { - if (isset($form_values['pass1'])) { - $pass1 = trim($form_values['pass1']); - $pass2 = trim($form_values['pass2']); - unset($form_values['pass1'], $form_values['pass2']); +function password_confirm_validate($form) { + if (isset($form['pass1']['#value'])) { + $pass1 = trim($form['pass1']['#value']); + $pass2 = trim($form['pass2']['#value']); + $form['pass1']['#ref'] = NULL; + $form['pass2']['#ref'] = NULL; if ($pass1 != $pass2) { - form_set_error('pass1', t('The specified passwords do not match.')); - } - elseif ($form['#required'] && !$pass1) { - form_set_error('pass1', t('Password field is required.')); + form_error($form, t('The specified passwords do not match.')); + form_error($form['pass1']); + form_error($form['pass2']); } - $ref = $pass1; + $form['#ref'] = $pass1; + } + elseif ($form['#required'] && !empty($_POST['edit'])) { + form_set_error('pass1', t('Password field is required.')); } return $form; } @@ -926,8 +932,9 @@ function theme_weight($element) { function theme_file($element) { return theme('form_element', $element['#title'], '<input type="file" class="'. _form_get_class('form-file', $element['#required'], form_get_error($element)) .'" name="'. $element['#name'] .'"'. ($element['#attributes'] ? ' '. drupal_attributes($element['#attributes']) : '') .' id="'. form_clean_id($element['#id']) .'" size="'. $element['#size'] ."\" />\n", $element['#description'], $element['#id'], $element['#required'], form_get_error($element)); } + function _form_get_class($name, $required, $error) { - return $name. ($required ? ' required' : '') . ($error ? ' error' : ''); + return $name. ($required ? ' required' : '') . (isset($error) ? ' error' : ''); } /** diff --git a/modules/system.module b/modules/system.module index f96de2e92..edb0b99c2 100644 --- a/modules/system.module +++ b/modules/system.module @@ -68,7 +68,7 @@ function system_elements() { '#value' => 'pass', 'pass1' => array('#type' => 'password', '#size' => 12, '#maxlength' => 24), 'pass2' => array('#type' => 'password', '#size' => 12, '#maxlength' => 24), - '#after_build' => 'password_confirm_after_build', + '#validate' => array('password_confirm_validate' => ''), ); $type['textarea'] = array('#input' => TRUE, '#cols' => 60, '#rows' => 5); $type['radios'] = array('#input' => TRUE, '#process' => array('expand_radios' => array())); diff --git a/modules/system/system.module b/modules/system/system.module index f96de2e92..edb0b99c2 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -68,7 +68,7 @@ function system_elements() { '#value' => 'pass', 'pass1' => array('#type' => 'password', '#size' => 12, '#maxlength' => 24), 'pass2' => array('#type' => 'password', '#size' => 12, '#maxlength' => 24), - '#after_build' => 'password_confirm_after_build', + '#validate' => array('password_confirm_validate' => ''), ); $type['textarea'] = array('#input' => TRUE, '#cols' => 60, '#rows' => 5); $type['radios'] = array('#input' => TRUE, '#process' => array('expand_radios' => array())); |