diff options
author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2011-01-29 10:08:45 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2011-01-29 10:08:45 +0000 |
commit | d654ff6ddec48348dcf2ce056d6de2f0995e2e5e (patch) | |
tree | 23aea2b1252af8c662cf57a1fd4669655eb7abd4 /modules | |
parent | d21d6401130b3e2e5e5418ccc82fb765d84f7ffb (diff) | |
download | brdo-d654ff6ddec48348dcf2ce056d6de2f0995e2e5e.tar.gz brdo-d654ff6ddec48348dcf2ce056d6de2f0995e2e5e.tar.bz2 |
#690980 by Dave Reid, grendzy, cwgordon7: Security hardening: Ensure password fields are empty on display.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/user/user.test | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/user/user.test b/modules/user/user.test index d999c85e2..31e19e267 100644 --- a/modules/user/user.test +++ b/modules/user/user.test @@ -406,6 +406,7 @@ class UserLoginTestCase extends DrupalWebTestCase { 'pass' => $account->pass_raw, ); $this->drupalPost('user', $edit, t('Log in')); + $this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, t('Password value attribute is blank.')); if (isset($flood_trigger)) { if ($flood_trigger == 'user') { $this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password')))); |