From 2526e5478ea3ddfcb16f63d2fc4ce38241baa88c Mon Sep 17 00:00:00 2001 From: matlam Date: Sun, 8 Jan 2017 08:36:20 +0100 Subject: [PATCH] prevent firefox from filling in the password field in the form for new members if a system user saved their username amd password in their browser, the browser uses it not only in the login form, but also in other forms which have a input field of type password. That is the case in the membership module when creating a new member in Firefox(tested with Firefox 50.1.0 on Ubuntu 16.10), if only one password was saved for the site, the email-field is automatically filled with the username and the password is put in the first password field with this commit a hidden dummyUserField and dummyPasswdField are added before the email and password fields. These fields get filled with the username and password, but it is not visible to the user, because the fields are hidden via css. unfortunately the solution which was used for chrome (add autocomplete="new-password") doesn't seem to work in firefox even though there is documentation saying something else: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion maybe this will be implemented on day and this commit can be reverted --- admin/modules/membership/index.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/admin/modules/membership/index.php b/admin/modules/membership/index.php index b725ecb2..f672c486 100755 --- a/admin/modules/membership/index.php +++ b/admin/modules/membership/index.php @@ -507,6 +507,11 @@ function getimagesizefromstring($string_data) $form->addAnything(__('Photo'), $str_input); + // hidden username and password fields so that the password manager of the browser will not fill in the username in the memberEmail and the password in the memberPasswd field + $form->addTextField('text', 'dummyUserField', null, null, ''); + $form->addTextField('password', 'dummyPasswdField', null, null, ''); + echo ''; + // member email $form->addTextField('text', 'memberEmail', __('E-mail'), $rec_d['member_email'], 'style="width: 40%;"'); // member password