The new [[Special:ChangeCredentials]] implementation of password change has the Cancel button broken, as it causes UI validation, forcing you to enter the new password and retype before you cancel. (Also, the Cancel button POSTs the form, causing Firefox to offer to save those passwords which I needed to enter.)
The validation message is probably caused by HTML validation by browser (tested on Firefox 46.0.1 on Windows).
(Also, shouldn’t a password change require the current password?)
| Project | Branch | Lines +/- | Subject | |
|---|---|---|---|---|
| mediawiki/core | master | +68 -15 | Improve HTMLForm (and Special:ChangeCredentials) cancel button |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Deskana | T75616 Tracking: API/backend issues blocking Wikipedia app development | |||
| Resolved | Anomie | T32788 Allow triggering of user password reset email via the API | |||
| Open | None | T90925 General authentication improvements for MediaWiki | |||
| Resolved | Anomie | T48179 Allow a challenge stage during authentication | |||
| Open | None | T5709 Refactoring to make external authentication and identity systems easier | |||
| Resolved | Tgr | T43201 UserLoadFromSession considered evil | |||
| Resolved | Anomie | T67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook) | |||
| Open | Feature | None | T55156 Provide option to force a login session to end within a certain time | ||
| Open | None | T89459 Modernize MediaWiki authentication system (AuthManager) | |||
| Open | None | T110278 Improve interaction between AuthManager and the UI layer | |||
| Resolved | Tgr | T136809 Cancel on Special:ChangeCredentials causes validation |
Yes, this is HTML5 validation. HTMLForm probbaly should have a way to set formnovalidate on its cancel buttons.
Also, the Cancel button POSTs the form, causing Firefox to offer to save those passwords which I needed to enter.
That's not any different from the old form. Again, the formmethod attribute should probably be set.
Also, shouldn’t a password change require the current password?
See T136101 about that.
Change 292360 had a related patch set uploaded (by Gergő Tisza):
Improve HTMLForm (and Special:ChangeCredentials) cancel button
Does Firefox really not save the password on GET? Seems like a poor way to handle it. The WHATWG autocomplete spec defines new-password and current-password, I wonder if browsers understand those.
Change 292360 merged by jenkins-bot:
Improve HTMLForm (and Special:ChangeCredentials) cancel button