From d654ff6ddec48348dcf2ce056d6de2f0995e2e5e Mon Sep 17 00:00:00 2001
From: Angie Byron
Date: Sat, 29 Jan 2011 10:08:45 +0000
Subject: #690980 by Dave Reid, grendzy, cwgordon7: Security hardening: Ensure password fields are empty on display.

---
 modules/user/user.test | 1 +
 1 file changed, 1 insertion(+)
 (limited to 'modules/user')

diff --git a/modules/user/user.test b/modules/user/user.test
index d999c85e2..31e19e267 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -406,6 +406,7 @@ class UserLoginTestCase extends DrupalWebTestCase {
 'pass' => $account->pass_raw,
 );
 $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, t('Password value attribute is blank.'));
 if (isset($flood_trigger)) {
 if ($flood_trigger == 'user') {
 $this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or request a new password.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.', array('@url' => url('user/password'))));
-- 
cgit v1.2.3
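Review bot: The added `assertNoFieldByXPath()` call passes vacuously when the response has no `pass` input at all, so it would stay green if the login form were not re-rendered after `drupalPost()` or if the field were renamed. Nothing visible in the hunk asserts that the field is present, so pairing it with a positive check such as `$this->assertFieldByName('pass');` immediately before would make the hardening test fail closed. The selector is also tied to the field name; `//input[@type='password' and @value!='']` would cover any password input on the returned page, which is closer to what the commit subject describes. The enclosing test method starts and ends outside the hunk, so an existing presence check earlier in it cannot be ruled out.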