Skip to content

Commit b3afaf6

Browse files
committed
Security: Add configuration setting 'security_login_autocomplete_disable' to set autocomplete attribute of both login and password to "new-password" - refs BT#21289
1 parent f180678 commit b3afaf6

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

main/inc/lib/template.lib.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1226,6 +1226,9 @@ public static function displayLoginForm()
12261226
'icon' => 'user fa-fw',
12271227
'placeholder' => get_lang('UserName'),
12281228
];
1229+
if (api_get_configuration_value('security_login_autocomplete_disable') === true) {
1230+
$params['autocomplete'] = 'new-password';
1231+
}
12291232
$browserAutoCapitalize = false;
12301233
// Avoid showing the autocapitalize option if the browser doesn't
12311234
// support it: this attribute is against the HTML5 standard
@@ -1244,6 +1247,9 @@ public static function displayLoginForm()
12441247
'icon' => 'lock fa-fw',
12451248
'placeholder' => get_lang('Pass'),
12461249
];
1250+
if (api_get_configuration_value('security_login_autocomplete_disable') === true) {
1251+
$params['autocomplete'] = 'new-password';
1252+
}
12471253
if ($browserAutoCapitalize) {
12481254
$params['autocapitalize'] = 'none';
12491255
}

main/install/configuration.dist.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2515,3 +2515,9 @@
25152515
// If this feature is enabled on an existing portal, the registration date of users will be taken as
25162516
// the latest password change date.
25172517
//$_configuration['security_password_rotate_days'] = 90;
2518+
2519+
// Prevent login/pass cache by browser
2520+
// If enabled, users' browsers will not be able to re-use previous
2521+
// login/passwords in the main login form. Browsers might choose not to
2522+
// support this feature.
2523+
//$_configuration['security_login_autocomplete_disable'] = false;

0 commit comments

Comments
 (0)