Actions
Bug #72182
closed
BE Users can be created without a username and password due to chrome autofill
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2015-12-11
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
7
PHP Version:
5.4
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
Basically as title says. Steps to reproduce:
- Create a BE User
- Press Save and close or log in with said username and password
- Chrome asks you to save username and password - accept
- Create a new BE User - Take a look at the form where you set username and pw for the new user. Chrome automatically fills out the username and pw for you.
- Press save now. A BE User without name nor pw has been created. I even checked in the db if the fields really are empty. Well... they are.
Of course this will only really happen to somebody who deletes a user and then wants to create the exact same user again. Or to somebody who doesnt pay attention.
Using this nameless user leads to a further bug. If you use the "switch to user" button you will get logged in normally. However you cant log out of it. You are stuck until you delete the user using a different browser.
I dont know how the fields in the backend work. But I guess it goes like this: As the user presses "save" the system checks if the fields are empty. Because of chrome autofill they arent. So the system thinks thats fine. However the value from chromes prefilled fields aren't send to the database.
Files
Updated by 
Updated by 
Updated by 
Updated by 
Actions