yalmac / easy-appointments

Automatically exported from code.google.com/p/easy-appointments

Provider credentials visible in source HTML #42

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a new appointment and click Next
2. Look at the source of the [2] Select Appointment Date and Time
3. You'll find all the details there. Crypted username, password, salt...

What is the expected output? What do you see instead?
None of the secret stuff!!!

What version of the product are you using? On what operating system?
1.0

Please provide any additional information below.

Original issue reported on code.google.com by petri.le...@gmail.com on 7 Sep 2014 at 7:55

GoogleCodeExporter commented 9 years ago
I'll give this a shot.

The modifications will be in "/application/controllers/appointments.php".

They remove 'password' and 'salt' elements from the $view arrays and also the 
source code displayed on the public side of "Book Appointment" and "Appointment 
Successful".

I have attached a file with the changes.

1st, on line 210 add the following code to remove password/salt from success page.

// Removes the password and salt elements for provider.
unset($view['provider_data']['settings']['password'], 
$view['provider_data']['settings']['salt']);

2nd, on line 86 add the following code to remove password/salt from appointment 
setting form.

// Removes the password and salt elements for each
// available provider from the $view array.
foreach($view['available_providers'] as $pro => $data){
  unset($view['available_providers'][$pro]['settings']['password'], $view['available_providers'][$pro]['settings']['salt']);
}   

This doesn't seem to break anything else.

Original comment by mike.joh...@gmail.com on 9 Sep 2014 at 1:08
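
The fix in the comment above deletes two named keys from each provider record. An allowlist is the stricter form of the same idea, because it also drops the username the report mentions and any field added later. This is an added example, not code from the project or from the commenter; the allowlisted key names, the helper names and the sample record are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: allowlist filter for provider records passed to a public view.
// Key names, helper names and the sample record are assumptions, not the project's schema.
const PUBLIC_PROVIDER_KEYS = ['id', 'first_name', 'last_name', 'services'];

// Copy only allowlisted top-level keys; 'settings' is never copied at all.
function public_provider(array $provider): array
{
    return array_intersect_key($provider, array_flip(PUBLIC_PROVIDER_KEYS));
}

// Recursively collect the paths of keys that are named like credential fields.
function find_secret_keys(array $data, string $path = ''): array
{
    $hits = [];
    foreach ($data as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '.' . $key;
        if (in_array((string) $key, ['username', 'password', 'salt'], true)) {
            $hits[] = $here;
        }
        if (is_array($value)) {
            $hits = array_merge($hits, find_secret_keys($value, $here));
        }
    }
    return $hits;
}

// Constructed sample shaped like one $view['available_providers'] entry.
$available_providers = [
    [
        'id' => 5,
        'first_name' => 'Jane',
        'last_name' => 'Doe',
        'services' => [1, 3],
        'settings' => ['username' => 'jdoe', 'password' => 'constructed-hash', 'salt' => 'constructed-salt'],
    ],
];

$public = array_map('public_provider', $available_providers);

// Guard before rendering: refuse to emit view data that still holds credential fields.
$leaks = find_secret_keys($public);
if ($leaks !== []) {
    throw new RuntimeException('credential fields in view data: ' . implode(', ', $leaks));
}
echo json_encode($public), PHP_EOL;
```

Running `find_secret_keys()` on the unfiltered `$available_providers` lists the three paths under `settings`, which makes it usable as a regression check on whatever array a controller hands to a public view.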

GoogleCodeExporter commented 9 years ago
God you're right!!! Must be fixed immediately!

Thanks for the report.

Original comment by alextselegidis@gmail.com on 6 Nov 2014 at 8:06