Bug #70126
closed
FormEngine username and password fields must have autocomplete=off
100%
Description
This avoids that browsers (especially Chrome) go nuts and prefill those fields with stored auth data and therefore adjust the user's password.
This is especially critical if you edit be_users, as the password field is preset with 8 asterisks by FormEngine as "do not change"-value. But the browser then overwrites this value with some stored foo. There is no sane way for the user to restore the "do not change"-value to avoid changing the password.
Updated by
Updated by Gerrit Code Review about 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43883
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43883
Updated by Gerrit Code Review about 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/43883
Updated by Zsolt Molnar about 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset e5bc8f2870c4c23cb98f747fc9769de6a277928b.
Updated by Riccardo De Contardi about 7 years ago
- Status changed from Resolved to Closed