From bf2391f5b2aa64910bc265136c183ed991f8cdc8 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Tue, 28 Jun 2022 14:10:20 +0200
Subject: [PATCH] Clearly mark the StoreCode as sensitive

The Plugin-Store StoreCode can contain credentials that are considered to be sensitive and should not be shared with third parties.

This change adds a unique prefix that serves as a warning to prevent users from unintentionally sharing these credentials with others.

In addition, this unique prefix makes it possible to block this string from appearing in messages using the censorship feature.
---
 ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts      | 4 ++--
 .../js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
index 48c0f7f601..356e82b084 100644
--- a/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
+++ b/ts/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.ts
@@ -36,8 +36,8 @@ function detectCode(): void {
   const value = codeInput.value.trim();
 
   let isValid = false;
-  if (value.length > 0) {
-    const decodedValue = window.atob(value);
+  if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+    const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
 
     let maybeJson: unknown;
     try {
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
index 6724520a68..5e88b4fb78 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Acp/Ui/Package/QuickInstallation.js
@@ -17,8 +17,8 @@ define(["require", "exports", "tslib", "../../../Ajax", "../../../Core", "../../
     function detectCode() {
         const value = codeInput.value.trim();
         let isValid = false;
-        if (value.length > 0) {
-            const decodedValue = window.atob(value);
+        if (value.startsWith("WoltLab_StoreCode_Do_Not_Share_")) {
+            const decodedValue = window.atob(value.replace(/^WoltLab_StoreCode_Do_Not_Share_/, ""));
             let maybeJson;
             try {
                 maybeJson = JSON.parse(decodedValue);
-- 
2.20.1