SUMMARY It's possible to do Ctrl-Z and restore the previous written text in the password entry field. Consider the scenario where a user partly enters the password but then decides to something else and not unlock the screen. The user then clears the password field thinking the password cannot be restored by some other person. Some other person can now hit Ctrl-Z and restore the password and make it visible by clicking on the eye symbol. STEPS TO REPRODUCE 1. Type something in the lock screen password field 2. Delete it 3. Hit Ctrl-Z OBSERVED RESULT Password restored EXPECTED RESULT Ctrl-Z should not be possible SOFTWARE/OS VERSIONS Operating System: Manjaro Linux KDE Plasma Version: 5.24.5 KDE Frameworks Version: 5.93.0 Qt Version: 5.15.3 Kernel Version: 5.17.6-1-MANJARO (64-bit) Graphics Platform: X11
Can confirm. Would probably be good to disable this.
Looks like TextInput has a `canUndo:` property, but unfortunately it is read-only.
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/1788
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/542
Fixed by Derek Christ with https://invent.kde.org/frameworks/plasma-framework/-/commit/3d887cd71f03358c8def733a3e19ed22a8f66e8a in Frameworks 5.95!
Git commit 51cab794c2d071aa3761f02436a7b96cd8e27478 by Nate Graham, on behalf of Derek Christ. Committed on 06/06/2022 at 14:19. Pushed by ngraham into branch 'master'. Port lockscreen & sddm theme password fields to PlasmaExtras.PasswordField M +2 -2 lookandfeel/contents/lockscreen/LockScreenUi.qml M +3 -5 lookandfeel/contents/lockscreen/MainBlock.qml M +5 -3 sddm-theme/Login.qml https://invent.kde.org/plasma/plasma-workspace/commit/51cab794c2d071aa3761f02436a7b96cd8e27478
*** Bug 387418 has been marked as a duplicate of this bug. ***
*** Bug 422421 has been marked as a duplicate of this bug. ***
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/qqc2-desktop-style/-/merge_requests/171
*** Bug 464741 has been marked as a duplicate of this bug. ***
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/qqc2-desktop-style/-/merge_requests/239
Git commit a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e by ivan tkachenko. Committed on 28/02/2023 at 00:32. Pushed by ratijas into branch 'master'. TextField: Fix password-protection code from affecting normal text fields Event interception should only be enabled for text fields which set appropriate echo mode hint. Amends 70ea0a191413c2c871f73b78bebfeefe4641d92e. M +1 -1 org.kde.desktop/TextField.qml https://invent.kde.org/frameworks/qqc2-desktop-style/commit/a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e
Git commit 7103ff3530b611994ce702dcfc7a3ad7a037403a by ivan tkachenko. Committed on 28/02/2023 at 11:51. Pushed by ratijas into branch 'kf5'. TextField: Fix password-protection code from affecting normal text fields Event interception should only be enabled for text fields which set appropriate echo mode hint. Amends 70ea0a191413c2c871f73b78bebfeefe4641d92e. (cherry picked from commit a0fd0328ac9ae1b483af978eb8ee849cfc8c8e0e) M +1 -1 org.kde.desktop/TextField.qml https://invent.kde.org/frameworks/qqc2-desktop-style/commit/7103ff3530b611994ce702dcfc7a3ad7a037403a