[wp-trac] [WordPress Trac] #33699: Hidden password input fields should default to disabled="disabled"

WordPress Trac noreply at wordpress.org
Fri Nov 20 21:45:41 UTC 2015


#33699: Hidden password input fields should default to disabled="disabled"
--------------------------+---------------------------------------------
 Reporter:  raamdev       |       Owner:  ocean90
     Type:  defect (bug)  |      Status:  assigned
 Priority:  normal        |   Milestone:  4.4
Component:  Users         |     Version:  4.3
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:  ui, javascript, administration
--------------------------+---------------------------------------------

Comment (by adamsilverstein):

 [attachment:33699.6.diff] resolves the underlying issue where we were
 inadvertently submitting the fields disabled and their value was never
 passed to PHP. This patch ensures the fields get enabled before the
 submission occurs. I verified that I no longer get a PHP notice when
 adding a new user.

 Once possible issue would be that if validation fails (for example,
 omitting the email address), the fields would be enabled again. I don't
 think the password managers would then attempt to autofill these fields,
 because I think they only check for password fields on page load; however
 I am unable to reproduce the original issue consistently.

 @raamdev or @JasWSInc can you check @ocean90's patch to see if you see any
 of the original issue recurring after applying this patch: if possible,
 please test the edit profile screen and try submitting the form with a
 validation error (for example, change the email to something thats not an
 email). submit, get the error, correct and resubmit; then verify the
 password wasn’t inadvertently changed.

 Thanks!

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33699#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list