Here's a few extra lines I think make sense. Setting FormFillNoPasswords
to true causes HTML::FillInForm not to fill password fields.
--
Regards,
Ross Thomas
*** ASP.pm.orig Wed Feb 27 02:44:24 2002
--- ASP.pm Mon Apr 29 06:25:24 2002
***************
*** 3519,3524 ****
--- 3519,3525 ----
ContentType => 'text/html',
'Debug' => $asp->{dbg},
FormFill => $r->dir_config('FormFill'),
+ FormFillNoPasswords => $r->dir_config('FormFillNoPasswords') || 0,
IsClientConnected => 1,
# PICS => undef,
# Status => 200,
***************
*** 3775,3780 ****
--- 3776,3782 ----
$form = $fif->fill(
scalarref => \$form,
fdat => $asp->{Request}{Form},
+ fill_password => $self->{FormFillNoPasswords}
+? 0 : 1,
);
};
if($@) {
***************
*** 6966,6971 ****
--- 6968,6986 ----
with $Response->{FormFill} = 1
PerlSetVar FormFill 1
+
+ =item FormFillNoPasswords
+
+ default 0, if true will cause HTML::FillInForm to skip
+ filling in password fields. This could be beneficial from
+ a security perspective if the form in question is sent
+ over an insecure connection or if there is any possibility
+ that the page might get cached by a browser or proxy.
+
+ This feature can be enabled on a per form basis at runtime
+ with $Response->{FormFillNoPasswords} = 1
+
+ PerlSetVar FormFillNoPasswords 1
=item TimeHiRes
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
