Insert of saved username and password form data into other fileds with only the same headline over the input but different id and name




Password Manager
9 years ago
9 years ago


(Reporter: nm, Unassigned)


1.9.0 Branch
Windows XP

Firefox Tracking Flags

(Not tracked)




9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

For example:
If you have got an login page with 2 input fileds and headlines
Headline #1: username
Input-Elements: id="user_name" name="user_name"

Headline #2: password
Input-Elements: id="user_pwd" name="user_pwd"

after login you accept to save the password or login data by Firefox.
Now you are inside of an web backend an there is a option to creat a new user.
By php the values of the input fileds are cleared before parsing the page.
So you have got the following inputs and headlines on the page2.php (= not the login.php):
Headline #1: username
Input-Elements: id="user_new_name" name="user_new_name"

Headline #2: password
Input-Elements: id="user_new_pwd" name="user_new_pwd"  

The Firefox engine for the password saving and remember help does insert the data you used at the login. 

This is a big problem!

Why does the engine not react on the input id or name if they are simular?
This means that if the headline-text of any input field is the same, than the headline-text of the login mask before, the saved data is inserted into the fields.

I don't think that it makes sence to creat a new user with the data of an allready existing user.  

Reproducible: Always

Steps to Reproduce:
1. Entering username an password into the login form of a webpage with the features descriped in the "deatils" above.
2. If the firefox option save passwords in the preferences Security->Passwords is set, firefox asks for saving this form data or not. Accept the saving. 
3. Goto the next page after the login - this will happen automaticaly - where the new form for creating a user is located. 
Actual Results:  
The form data from the login page is inserted in the new form for creating a user.

Expected Results:  
Don't insert the saved form data (uswername and password) unless the input-field name is the same as in the form before, when the saving was accepted.

This is a horror feature for any web developer, because you cannot relay on cleared values parsed by php. Firefox is modifinig it after parsing.
Component: General → Password Manager
Product: Firefox → Toolkit
QA Contact: general → password.manager
Version: unspecified → 1.9.0 Branch
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 499223
You need to log in before you can comment on or make changes to this bug.