Bug #5087
closed
system_advanced_notifications.php - Multiple issues with fields on the page
Description
#1: The E-Mail auth username and password fields are filled in by the browser's auto-fill, which is insecure and annoying. Very easy for someone who isn't paying attention to accidentally save their firewall credentials here.
#2: The value of many fields on this page do not save:
Under growl:- "Registration Name" does not save, config shows it empty, is replaced with default value on page load.
- "Notification Name" does not save, config shows it empty, is replaced with default value on page load.
- "IP Address" does not save, config shows it empty, is blank on page load.
- "E-Mail Server" field, does not save, config shows it empty, is blank on page load.
Updated by Anonymous over 8 years ago
- Status changed from Confirmed to Feedback
- Assignee changed from Anonymous to Jim Pingle
Programmer had changed the input names such that they no longer matched the config system nasmes
Updated by Anonymous over 8 years ago
- % Done changed from 0 to 100
Applied in changeset pfsense:4392e82299d6fbd28e468d431ed3578c6fcface9.
Updated by Jim Pingle over 8 years ago
- Status changed from Feedback to Confirmed
- Assignee changed from Jim Pingle to Anonymous
- % Done changed from 100 to 0
Growl fields are OK. E-mail server still does not save.
Updated by Anonymous over 8 years ago
- Status changed from Confirmed to Feedback
- Assignee changed from Anonymous to Jim Pingle
My fault. Dropped the 's' in smtp :(
Updated by Anonymous over 8 years ago
- % Done changed from 0 to 100
Applied in changeset pfsense:257a043bbd3fc1c027fe01fc4c3b8bf95b8215ea.
Updated by Jim Pingle over 8 years ago
- Status changed from Feedback to Resolved
Fields save, though a test fails, probably something else in the backend. The config fields appear to be the same though. I'll open another ticket for that, may not be GUI related but in PHP libraries or elsewhere.
Updated by Jim Pingle over 8 years ago
- Status changed from Resolved to Confirmed
Whoops, forgot to reopen this -- #1 is still an issue. #2 is resolved.
Updated by Jim Pingle over 8 years ago
- Assignee changed from Jim Pingle to Anonymous
Updated by Anonymous over 8 years ago
- Status changed from Confirmed to Feedback
- Assignee changed from Anonymous to Jim Pingle
The only way I can think of to prevent autofill is to change the name of the field to something random~is, then change it back again on submit. Please see if this fixes the issue for you.
Updated by Jim Pingle over 8 years ago
- Status changed from Feedback to Confirmed
Sadly it appears as though browsers have decided they know better than page designers what forms need auto-fill. FF and Chrome both ignore autocomplete=off now for whatever the browser believes are username and password fields. The odd thing is that on 2.2.x this form does not get auto-filled, but some other places do (e.g. proxy settings on the System > Advanced, Miscellaneous tab). Must be something in how bootstrap formats the fields that makes the browser believe it's a login form.
Updated by Jim Pingle over 8 years ago
- Status changed from Confirmed to Resolved
Closing this out for now.
There doesn't seem to be a reliable cross-platform way to stop browsers from filling in what they believe are username and password fields. May revisit in the future.