Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions controllers/admin/AdminSaferPayOfficialSettingsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ public function initContent()

public function postProcess()
{
$this->keepExistingPasswordWhenSubmittedEmpty(SaferPayConfig::PASSWORD);
$this->keepExistingPasswordWhenSubmittedEmpty(SaferPayConfig::PASSWORD . SaferPayConfig::TEST_SUFFIX);
Comment on lines +59 to +60

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Instead of directly modifying the global $_POST superglobal (which is a code smell and can lead to unexpected side effects or issues with other modules/hooks), we can dynamically remove the password fields from $this->fields_options when they are submitted empty. This prevents PrestaShop's HelperOptions from updating them in the database, preserving the existing configuration values cleanly and safely.

        $this->ignoreEmptyPasswordFieldsFromOptions();


parent::postProcess();

/** @var Configuration $configuration */
Expand All @@ -82,6 +85,15 @@ public function postProcess()
return true;
}

private function keepExistingPasswordWhenSubmittedEmpty($key)
{
if (!isset($_POST[$key]) || $_POST[$key] !== '') {
return;
}

$_POST[$key] = \Configuration::get($key);
}
Comment on lines +88 to +95

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Refactor this helper method to dynamically remove the empty password fields from $this->fields_options instead of modifying the global $_POST superglobal. This is a much cleaner and safer approach that avoids side effects.

    private function ignoreEmptyPasswordFieldsFromOptions()
    {
        $keys = [
            SaferPayConfig::PASSWORD,
            SaferPayConfig::PASSWORD . SaferPayConfig::TEST_SUFFIX,
        ];

        foreach ($keys as $key) {
            if (Tools::getValue($key) === '') {
                foreach ($this->fields_options as &$category) {
                    if (isset($category['fields'][$key])) {
                        unset($category['fields'][$key]);
                    }
                }
            }
        }
    }


private function validateTerminalId()
{
try {
Expand Down Expand Up @@ -489,7 +501,10 @@ private function displayTestEnvironmentConfiguration()
'title' => $this->module->l('JSON API Password'),
'type' => 'password_input',
'class' => 'fixed-width-xl',
'value' => \Configuration::get(SaferPayConfig::PASSWORD . SaferPayConfig::TEST_SUFFIX),
'autocomplete' => false,
'placeholder' => \Configuration::get(SaferPayConfig::PASSWORD . SaferPayConfig::TEST_SUFFIX)
? $this->module->l('Leave empty to keep the saved password')
: '',
],
SaferPayConfig::CUSTOMER_ID . SaferPayConfig::TEST_SUFFIX => [
'title' => $this->module->l('Customer ID'),
Expand Down Expand Up @@ -557,7 +572,10 @@ private function displayLiveEnvironmentConfiguration()
'title' => $this->module->l('JSON API Password'),
'type' => 'password_input',
'class' => 'fixed-width-xl',
'value' => \Configuration::get(SaferPayConfig::PASSWORD),
'autocomplete' => false,
'placeholder' => \Configuration::get(SaferPayConfig::PASSWORD)
? $this->module->l('Leave empty to keep the saved password')
: '',
],
SaferPayConfig::CUSTOMER_ID => [
'title' => $this->module->l('Customer ID'),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,8 @@
class="{if isset($field['class'])}{$field['class']|escape:'htmlall':'UTF-8'}{/if}"
size="{if isset($field['size'])}{$field['size']|intval}{else}5{/if}"
name="{$key|escape:'htmlall':'UTF-8'}"
value="{$field['value']|escape:'htmlall':'UTF-8'}"
value=""
{if isset($field['placeholder']) && $field['placeholder']} placeholder="{$field['placeholder']|escape:'htmlall':'UTF-8'}"{/if}
{if isset($field['autocomplete']) && !$field['autocomplete']} autocomplete="off"{/if} />

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Modern browsers (such as Chrome, Firefox, and Safari) often ignore autocomplete="off" on password fields to force password managers to work. To reliably prevent browsers from autofilling saved credentials into this field, use autocomplete="new-password" instead.

                    {if isset($field['autocomplete']) && !$field['autocomplete']} autocomplete="new-password"{/if} />

</div>
{/if}
Expand Down
Loading