opnsense
Password saved in html
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [ ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [ ] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [ ] The title contains the plugin to which this issue belongs
Describe the bug The passwords used in the Google Drive and NextCloud backup are saved in the HTML, even though they show ".............." in the web interface. If the user uses F12 and inspects the element, the password will be there in plain text.
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce Steps to reproduce the behavior:
- Go to 'System -> Configuration -> Backups'
- Press F12 and select the password field
- You will see the password in plain text
Expected behavior The password should be stored securely in OPNsense and could not be loaded into the web interface.
Screenshots
Relevant log files If applicable, information from log files supporting your claim.
Additional context Add any other context about the problem here.
Environment Software version used and hardware type if relevant. e.g.:
OPNsense 25.7.3_7-amd64 FreeBSD 14.3-RELEASE-p2 OpenSSL 3.0.17
There is a field type for this usecase
https://docs.opnsense.org/development/frontend/models_fieldtypes.html#updateonlytextfield
Guess its not used there:
https://github.com/opnsense/plugins/blob/97603fc29b18f724a7b812ae8c37f2965cb2c363/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml#L35
Should theoretically be a one line fix.
