Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51083

Some forms still autofill the user's password

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      On all browsers

      1. Log in to your moodle course as an admin
      2. In the browser, select to save your password
      3. Test each of the following pages using the instructions below
        • Site administration ► Plugins ► Authentication ► Manage authentication
          • CAS
          • FirstClass
          • External Database
          • LDAP
        • Alfresco repo (you don't need an alfresco instance to test this)
          • Site administration ► Plugins ► Repositories ► Manage repositories
          • Enable alfresco
          • Create a repository instance (you can use any nonexistant url, it doesn't matter)
          • Go to dashboard then click Manage private files
          • Add a file and select the alfresco instance
          • Check this form
          • Turn off javascript, and select alfresco again.
          • Check this form

      Instructions:

      1. Use firebug (or the chrome inspecter or the equivalent in the current browser) to view the "form data" and make sure your password wasn't passed
        1. Open the inspector
        2. Click the network tab
        3. Select the request at the top (you may need to scroll)
        4. Select the headers tab
        5. Scroll to "Form data"
      2. Search admin settings for "password"
      3. Ensure that no password fields are automatically filled by the browser
      Show
      On all browsers Log in to your moodle course as an admin In the browser, select to save your password Test each of the following pages using the instructions below Site administration ► Plugins ► Authentication ► Manage authentication CAS FirstClass External Database LDAP Alfresco repo (you don't need an alfresco instance to test this) Site administration ► Plugins ► Repositories ► Manage repositories Enable alfresco Create a repository instance (you can use any nonexistant url, it doesn't matter) Go to dashboard then click Manage private files Add a file and select the alfresco instance Check this form Turn off javascript, and select alfresco again. Check this form Instructions: Use firebug (or the chrome inspecter or the equivalent in the current browser) to view the "form data" and make sure your password wasn't passed Open the inspector Click the network tab Select the request at the top (you may need to scroll) Select the headers tab Scroll to "Form data" Search admin settings for "password" Ensure that no password fields are automatically filled by the browser
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51083-master

      Description

      MDL-45772 fixed incorrect password autofill for mforms and admin settings forms but there are still some forms in moodle that are not using the fix. We need to apply the patch to those forms too.

      This is caused by the fact that they did not use mforms

      Missing locations

      • Authentication plugins
        • CAS
        • FirstClass
        • External Database
        • LDAP
        • Alfresco repo

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                7 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Nov/15