Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.This is a trivial issue, but it's been annoying me.
When i want to change a setting on admin/settings/salesforce, i have to re-enter the salesforce_api_password, even if it's saved to variables already. Otherwise, since it's a FAPI type "password" field, the default_value is not respected (this is an old, old issue: #67519: #default_value doesn't work with password fields).
This patch assumes that unless the user clicked "Reset to Defaults", the existing password should remain.
This is a conscious choice to retain FAPI type "password" instead of exposing the SalesForce password in plaintext.
The only minor issue I can foresee with this change is that an admin user cannot set the salesforce_api_password to NULL without clicking "Reset to defaults". If *that* is a real issue, then I would propose splitting the settings panel into 2 MENU_LOCAL_TASKS (e.g. Credentials and Settings) so that admins don't have to re-enter their password whenever they want to change settings.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | sf dont delete password.patch | 1.94 KB | Bevan |
| salesforce_api.module.sfpwd_.patch | 1.2 KB | aaronbauman |
Comments
Comment #1
aaronbaumanComment #2
Bevan commentedI think this is a security feauture of FAPI. Does this patch fix it by forcing #default_value, or by not deleting it if the password field is empty?
Comment #3
Bevan commentedNevermind, I tried it out. It does the latter. Works for me. Patch looks good except for one minor whitespace issue.
Comment #4
Bevan commentedI committed the attached variation to DRUPAL-6--2. See http://drupal.org/project/cvs/141315
Note I tidied up whitespace considerably, and modified the flow a little to meet Drupal's coding standards and conventions.
Comment #5
Bevan commented