On 07/22/2015 09:50 PM, Thomas De Schampheleire wrote:
# HG changeset patch
# User Thomas De Schampheleire <[email protected]>
# Date 1437508363 -7200
# Tue Jul 21 21:52:43 2015 +0200
# Node ID f219f0a41f57655dd2125c9371db9ee1ac217a4b
# Parent 27fbaba10257132c1087a3dc7f7c2bdfd4b5ab9e
admin: e-mail: remove display of SMTP password
It is quite useless, and in a way a security leak, to display the length of
the SMTP password when showing the e-mail settings.
Removing any reference to the SMTP password has the additional advantage of
making subsequent cleanup on this page easier.
I don't really know how valuable it is to show .ini values in the UI
(there is a lot of other settings we don't show - we either should or
shouldn't) BUT when we show email settings, I think it is quite relevant
to also show whether there is a password or not.
Perhaps do a
c.ini['smtp_password_hidden'] = '******' if c.ini.get('smtp_password')
else ''
and display that instead.
/Mads
diff --git a/kallithea/templates/admin/settings/settings_email.html
b/kallithea/templates/admin/settings/settings_email.html
--- a/kallithea/templates/admin/settings/settings_email.html
+++ b/kallithea/templates/admin/settings/settings_email.html
@@ -8,7 +8,6 @@
(_('SMTP server'), c.ini.get('smtp_server'), ''),
(_('SMTP username'), c.ini.get('smtp_username'), ''),
- (_('SMTP password'), '%s chars' % len(c.ini.get('smtp_password', '')), ''),
(_('SMTP port'), c.ini.get('smtp_port'), ''),
(_('SMTP use TLS'), c.ini.get('smtp_use_tls'), ''),
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
