From 60a1fce2d18886cca699b965f4ff1cd2939ed8d1 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 6 Aug 2013 17:26:05 +0200
Subject: [PATCH] Sec: Do not autofill password for remote access

---
 htdocs/install/fileconf.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php
index 7a8e1ad1ee9..e54a3275703 100644
--- a/htdocs/install/fileconf.php
+++ b/htdocs/install/fileconf.php
@@ -456,7 +456,6 @@ if (! empty($force_install_message))
 		 -->
 
 	</tr>
-
 	<tr class="hidesqlite hideroot">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Password"); ?></b>
 		</td>
@@ -464,7 +463,8 @@ if (! empty($force_install_message))
 			id="db_pass_root" name="db_pass_root" class="needroot"
 			value="<?php
 			$autofill=((! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass);
-			if (! empty($dolibarr_main_prod)) $autofill='';
+			if (! empty($dolibarr_main_prod)) $autofill='';	// Do not autofill password if instance is a production instance
+			if (! empty($_SERVER["SERVER_NAME"]) && ! in_array($_SERVER["SERVER_NAME"], array('127.0.0.1', 'localhost'))) $autofill='';	// Do not autofill password for remote access
 			print dol_escape_htmltag($autofill);
 			?>"></td>
 		<td class="comment"><?php echo $langs->trans("KeepEmptyIfNoPassword"); ?>
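Review bot: The remote-access test on the added `$_SERVER["SERVER_NAME"]` line checks the name the server was addressed by, not the client's address, and depending on web server configuration that value can be taken from the request's Host header, so it is not a reliable sign that the request is local. The guard also fails open: when SERVER_NAME is empty the condition is false and the database root password is still printed into the `value` attribute. Consider keying on the peer address and clearing by default, e.g. `if (empty($_SERVER["REMOTE_ADDR"]) || ! in_array($_SERVER["REMOTE_ADDR"], array('127.0.0.1', '::1'), true)) $autofill='';`; behind a local reverse proxy REMOTE_ADDR would be the proxy's own address, so that deployment would need separate handling. The `<input>` element these lines belong to starts above the hunk.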
-- 
GitLab