Closed Bug 488819 Opened 15 years ago Closed 15 years ago

Insert of saved username and password form data into other fileds with only the same headline over the input but different id and name

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
1.9.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 499223

People

(Reporter: nm, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

For example:
If you have got an login page with 2 input fileds and headlines
Headline #1: username
Input-Elements: id="user_name" name="user_name"

Headline #2: password
Input-Elements: id="user_pwd" name="user_pwd"

after login you accept to save the password or login data by Firefox.
Now you are inside of an web backend an there is a option to creat a new user.
By php the values of the input fileds are cleared before parsing the page.
So you have got the following inputs and headlines on the page2.php (= not the login.php):
Headline #1: username
Input-Elements: id="user_new_name" name="user_new_name"

Headline #2: password
Input-Elements: id="user_new_pwd" name="user_new_pwd"  

The Firefox engine for the password saving and remember help does insert the data you used at the login. 

This is a big problem!

Why does the engine not react on the input id or name if they are simular?
This means that if the headline-text of any input field is the same, than the headline-text of the login mask before, the saved data is inserted into the fields.

I don't think that it makes sence to creat a new user with the data of an allready existing user.  

Reproducible: Always

Steps to Reproduce:
1. Entering username an password into the login form of a webpage with the features descriped in the "deatils" above.
2. If the firefox option save passwords in the preferences Security->Passwords is set, firefox asks for saving this form data or not. Accept the saving. 
3. Goto the next page after the login - this will happen automaticaly - where the new form for creating a user is located. 
Actual Results:  
The form data from the login page is inserted in the new form for creating a user.

Expected Results:  
Don't insert the saved form data (uswername and password) unless the input-field name is the same as in the form before, when the saving was accepted.

This is a horror feature for any web developer, because you cannot relay on cleared values parsed by php. Firefox is modifinig it after parsing.
Component: General → Password Manager
Product: Firefox → Toolkit
QA Contact: general → password.manager
Version: unspecified → 1.9.0 Branch
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.