From 150d3856a0d3d82e3a7a4b4f6ae5899ed047a681 Mon Sep 17 00:00:00 2001
From: Jan-Christoph Borchardt <hey@jancborchardt.net>
Date: Fri, 24 Jan 2014 18:58:56 +0100
Subject: [PATCH] prevent autofill for password change settings, prevent leak
 of existing password, fix #6552

---
 settings/templates/personal.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 1518b48b979..07d75587d5e 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -39,9 +39,11 @@ if($_['passwordChangeSupported']) {
 		<h2><?php p($l->t('Password'));?></h2>
 		<div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div>
 		<div id="passworderror"><?php echo $l->t('Unable to change your password');?></div>
-		<input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" />
+		<input type="password" id="pass1" name="oldpassword"
+			placeholder="<?php echo $l->t('Current password');?>" autocomplete="off" />
 		<input type="password" id="pass2" name="personal-password"
-			placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" />
+			placeholder="<?php echo $l->t('New password');?>"
+			data-typetoggle="#personal-show" autocomplete="off" />
 		<input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label>
 		<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />
 		<br/>
-- 
GitLab