Page MenuHomePhabricator

Cancel on Special:ChangeCredentials causes validation
Closed, ResolvedPublic

Description

The new [[Special:ChangeCredentials]] implementation of password change has the Cancel button broken, as it causes UI validation, forcing you to enter the new password and retype before you cancel. (Also, the Cancel button POSTs the form, causing Firefox to offer to save those passwords which I needed to enter.)

The validation message is probably caused by HTML validation by browser (tested on Firefox 46.0.1 on Windows).

(Also, shouldn’t a password change require the current password?)

Details

Related Gerrit Patches:

Event Timeline

Mormegil created this task.Jun 2 2016, 9:06 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJun 2 2016, 9:06 AM
Tgr added a comment.Jun 2 2016, 10:03 AM

Yes, this is HTML5 validation. HTMLForm probbaly should have a way to set formnovalidate on its cancel buttons.

Also, the Cancel button POSTs the form, causing Firefox to offer to save those passwords which I needed to enter.

That's not any different from the old form. Again, the formmethod attribute should probably be set.

Also, shouldn’t a password change require the current password?

See T136101 about that.

Change 292360 had a related patch set uploaded (by Gergő Tisza):
Improve HTMLForm (and Special:ChangeCredentials) cancel button

https://gerrit.wikimedia.org/r/292360

Tgr added a comment.Jun 2 2016, 2:21 PM

Does Firefox really not save the password on GET? Seems like a poor way to handle it. The WHATWG autocomplete spec defines new-password and current-password, I wonder if browsers understand those.

Change 292360 merged by jenkins-bot:
Improve HTMLForm (and Special:ChangeCredentials) cancel button

https://gerrit.wikimedia.org/r/292360

Tgr closed this task as Resolved.Jun 2 2016, 8:17 PM
Tgr claimed this task.

Cancel is a plain link now.