Project

General

Profile

Bug #5087

system_advanced_notifications.php - Multiple issues with fields on the page

Added by Jim Pingle almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
Start date:
09/03/2015
Due date:
% Done:

100%

Estimated time:
Spent time:

Description

#1: The E-Mail auth username and password fields are filled in by the browser's auto-fill, which is insecure and annoying. Very easy for someone who isn't paying attention to accidentally save their firewall credentials here.

#2: The value of many fields on this page do not save:

Under growl:
  • "Registration Name" does not save, config shows it empty, is replaced with default value on page load.
  • "Notification Name" does not save, config shows it empty, is replaced with default value on page load.
  • "IP Address" does not save, config shows it empty, is blank on page load.
Under E-Mail:
  • "E-Mail Server" field, does not save, config shows it empty, is blank on page load.

Associated revisions

Revision 4392e822 (diff)
Added by Steve Beaver almost 4 years ago

Fixed #5087
Programmer had changed the input names such that they no longer matched the config system nasmes (again)

Revision 257a043b (diff)
Added by Steve Beaver almost 4 years ago

Fixed #5087
My fault. Dropped the 's' in smtp :(

History

#1 Updated by Steve Beaver almost 4 years ago

  • Status changed from Confirmed to Feedback
  • Assignee changed from Steve Beaver to Jim Pingle

Programmer had changed the input names such that they no longer matched the config system nasmes

#2 Updated by Steve Beaver almost 4 years ago

  • % Done changed from 0 to 100

#3 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Confirmed
  • Assignee changed from Jim Pingle to Steve Beaver
  • % Done changed from 100 to 0

Growl fields are OK. E-mail server still does not save.

#4 Updated by Steve Beaver almost 4 years ago

  • Status changed from Confirmed to Feedback
  • Assignee changed from Steve Beaver to Jim Pingle

My fault. Dropped the 's' in smtp :(

#5 Updated by Steve Beaver almost 4 years ago

  • % Done changed from 0 to 100

#6 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

Fields save, though a test fails, probably something else in the backend. The config fields appear to be the same though. I'll open another ticket for that, may not be GUI related but in PHP libraries or elsewhere.

#7 Updated by Jim Pingle almost 4 years ago

  • Status changed from Resolved to Confirmed

Whoops, forgot to reopen this -- #1 is still an issue. #2 is resolved.

#8 Updated by Jim Pingle almost 4 years ago

  • Assignee changed from Jim Pingle to Steve Beaver

#9 Updated by Steve Beaver almost 4 years ago

  • Status changed from Confirmed to Feedback
  • Assignee changed from Steve Beaver to Jim Pingle

The only way I can think of to prevent autofill is to change the name of the field to something random~is, then change it back again on submit. Please see if this fixes the issue for you.

#10 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Confirmed

Sadly it appears as though browsers have decided they know better than page designers what forms need auto-fill. FF and Chrome both ignore autocomplete=off now for whatever the browser believes are username and password fields. The odd thing is that on 2.2.x this form does not get auto-filled, but some other places do (e.g. proxy settings on the System > Advanced, Miscellaneous tab). Must be something in how bootstrap formats the fields that makes the browser believe it's a login form.

#11 Updated by Jim Pingle almost 4 years ago

  • Status changed from Confirmed to Resolved

Closing this out for now.

There doesn't seem to be a reliable cross-platform way to stop browsers from filling in what they believe are username and password fields. May revisit in the future.

Also available in: Atom PDF