From 5967762cd817dd853e787f778bac7f46b13d38cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20St=C3=A9benne?=
Date: Mon, 9 Jan 2023 21:47:39 -0500
Subject: [PATCH] Hide sensitive information in 2FA setup page when printing

The QR code (and manual code) should not be recoverable after the initial setup. This would allow an unauthorized person to access an account without leaving a trace (like showing that a backup code was used, given that person has the account password). Even if very low, having that information visible could be a problem.
---
 resources/views/profile/code.twig | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/resources/views/profile/code.twig b/resources/views/profile/code.twig
index 0dc728bb22..ebd2b2cf5a 100644
--- a/resources/views/profile/code.twig
+++ b/resources/views/profile/code.twig
@@ -14,17 +14,14 @@

{{ 'pref_two_factor_auth_code'|_ }}

-

+

{{ 'pref_two_factor_auth_code_help'|_ }}

-
- +
{{ image|raw }}
-

+

{{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}
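Review bot: Hiding the QR image (`{{ image|raw }}`) and the manual secret (`secret|escape`) for print media closes only one route by which the TOTP seed can leave this page; the seed is still in the served HTML, so a saved or cached copy of the page would hold it as well. The markup of the added lines is not visible in this rendering, so please confirm that both the wrapper around the image and the wrapper around `firefly.2fa_use_secret_instead` carry the print-hiding class, not only the first. If the controller (outside this diff) does not already do so, consider sending `Cache-Control: no-store` with this response and declining to render the view once 2FA has been confirmed. A short template comment such as `{# QR code and secret are the TOTP seed: keep out of print output #}` would keep a later layout change from dropping the class unnoticed. The template continues outside this hunk.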