Closed
Bug 488819
Opened 15 years ago
Closed 15 years ago
Insert of saved username and password form data into other fileds with only the same headline over the input but different id and name
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 499223
People
(Reporter: nm, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729) For example: If you have got an login page with 2 input fileds and headlines Headline #1: username Input-Elements: id="user_name" name="user_name" Headline #2: password Input-Elements: id="user_pwd" name="user_pwd" after login you accept to save the password or login data by Firefox. Now you are inside of an web backend an there is a option to creat a new user. By php the values of the input fileds are cleared before parsing the page. So you have got the following inputs and headlines on the page2.php (= not the login.php): Headline #1: username Input-Elements: id="user_new_name" name="user_new_name" Headline #2: password Input-Elements: id="user_new_pwd" name="user_new_pwd" The Firefox engine for the password saving and remember help does insert the data you used at the login. This is a big problem! Why does the engine not react on the input id or name if they are simular? This means that if the headline-text of any input field is the same, than the headline-text of the login mask before, the saved data is inserted into the fields. I don't think that it makes sence to creat a new user with the data of an allready existing user. Reproducible: Always Steps to Reproduce: 1. Entering username an password into the login form of a webpage with the features descriped in the "deatils" above. 2. If the firefox option save passwords in the preferences Security->Passwords is set, firefox asks for saving this form data or not. Accept the saving. 3. Goto the next page after the login - this will happen automaticaly - where the new form for creating a user is located. Actual Results: The form data from the login page is inserted in the new form for creating a user. Expected Results: Don't insert the saved form data (uswername and password) unless the input-field name is the same as in the form before, when the saving was accepted. This is a horror feature for any web developer, because you cannot relay on cleared values parsed by php. Firefox is modifinig it after parsing.
Updated•15 years ago
|
Component: General → Password Manager
Product: Firefox → Toolkit
QA Contact: general → password.manager
Version: unspecified → 1.9.0 Branch
Updated•15 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•