First password field is auto-filled in Firefox 3 - needs autocomplete="off"

This is not a protected_node issue. The field is being populated by Firefox because you enabled it to remember your password when you set it.

Please be more careful and don't enable password remember in your browser clueless!

The suggested solution of "don't save passwords" is not reasonable. I can't just tell clients "don't save your login password to your site".

We need to find out why does Firefox 3 auto-fill the field and not FF2? Will simply renaming the field name and/or class and/or ID help?

http://www.verysimple.com/blog/2007/03/07/forcing-firefox-to-obey-autoco...

If you think this is a bug, then please escalate this to the Drupal core issue tracker. This means that the profile pages are buggy as well (user module).

When Drupal core solves this, protected_node will support it. Protected node uses Drupal's infrastructure to render password fields (as well as any form), so this could work without a new release (and of course backwardly as well).

Still if you find out why exactly this is happening and can suggest a reasonable solution, I'm open to discuss this further.

Please reopen if you feel you solved the problem.

Thanks,
Mark

The autocomplete="off" attribute needs to be included on the password fields. This will keep Firefox from auto-completing the field if the password was saved.

Here's a patch.
You can't simply add an #attribute because the password_confirm FAPI element type doesn't pass attributes on to the password fields. Instead this uses an #after_build function to add the #attributes after expand_password_confirm() has done its work.

I too find this bug.
When create new node I find always my username as new element in the primary liks (can be solved deleting it in menu setting when create new content, but so annoying)
and then the some problem described yet: password stored in the first passwrod field.
I don't know how to apply the pacth, and I read around to not use patch expecially for user (like me) that doesen't know code and stuff like that. I'm not a coder. I'm just a Drupaler :-)

So my petition to the author of module is to integrate the patch in the module.
Thanks in advance for your time.

fab

+1 for putting this code inside the module.

+1 for putting this patch inside the module. Really annoying when it auto-fills the password field.

Otherwise an awesome module!

The patch doesn't seem to work for Drupal 5.x. Is there a similar fix for the 5.x branch?

It does work. I just had a conflicting version of the module in an odd subdirectory. My apologies.

Behaviour as outlined in #6 confirmed, extremely annoying.

Patch #5 confirmed as a working solution.

-------------------
Kerstbomen online kopen

Another confirmation the patch works perfectly.

Thank you SO much, dalin, for posting that patch!!

+1. This should go into the next release.

Agree with everybody here; this patch makes a huge difference. The first password field is filled in with a password without fail in Chrome; the error might not be on the part of the module builder, but it certainly makes a lot more sense for the module builder to implement this quick fix instead of someone having to take it on themselves to lobby for a fairly big change in core, etc.

Al

My comment refers to Profiles. I hope its ok i post it here. I have looked around for a way to implement the above solution for the Profile page, and am unable to find a solution. It is confusing for some users when they go into to edit their profile (say add a new profile picture) and have the first password field filled in. Has anyone seen an autocomplete="off" workaround for the Profile password field. I found this, but could not figure out how to implement it. http://www.metaltoad.com/blog/autocomplete-clearing-form-values-and-drup... Many thanks.

It seems I'm encountering a variation of this bug with Firefox 3.5 :
- Creating a non protected (Password field empty) node with a menu item : OK
- Editing a node and checking the "Delete menu item box", then saving the modifications : seems OK
- Now edit the node again, and you will see the current user name in the "Menu link title" field, and the field "Password" has now content...

Applied the patch to HEAD, please test.

seems to work (tested on FF 3.0.19). Good stuff, thanks.

In Firefox 3.6.3 first password field is auto-filled...
What can I do? Romina

You can either apply the patch or download the HEAD revision.

Good fix. I achieved something similar using Javascript before I was aware the 'autocomplete'=>'OFF' attribute was available.

Hi Damien,

That JQuery is brilliant thanks... it will solve the problem in user/edit. Hopefully core will update and solve this issue too, but for now that JQuery looks good. (Apologies as user/edit is not to do with the module in question on this page!)

Dan

@tolmi,

Could you make a 6.x-dev-1.x version available? It would be easier than asking people to go get the HEAD version. As you can see by @romina's comment that you did not bother to answer.

@DamienMcKenna,

Wouldn't that actually work with any module? So the profile as well as this very module?

Thank you.
Alexis

@AlexisWilke I will not release code as stable which might be unstable just for testing purposes. I hope you agree.

tolmi,

The "dev" versions are not stable versions. 8-)

The HEAD is for CVS people, developers. Many Drupal users are not developers. (i.e. themers, or even just plain users.) And asking them to test the "dev" version makes it very easy for them. Telling them it's in the CVS and you get no one telling you that it works and you never release the changes...

It's my point of view and how most people work, it seems to me. Although your way is okay with me. 8-)

Thank you.
Alexis

Here is my module function to fix this.
As said on https://developer.mozilla.org/en/how_to_turn_off_form_autocompletion, the way to do this is have an "autocomplete='off'" attribute in the form tag, it does not work if you put in on the input tag (tested on chrome).
So here is a simple way do to it, in a custom module

/*** Hook form alter **/
function mymodule_form_alter(&$form, &$form_state, $form_id) 
{
	  switch ($form_id) 
	  {
        case 'user_profile_form':
	          $form['#attributes']['autocomplete'] = 'off';
	          //$form['account']['pass']['#attributes']['autocomplete'] = 'off'; //will not work
        break;
  }
}

Works fine !

Good point guile2912.

Then I propose the following patch.

The only problem is that it won't fill anything out. So we may have some unwanted side effects. On the other hand, I don't see what else but the password you'd want to have there... 8-)

Thank you.
Alexis

I guess I should actually attach the patch?

I tried the solution in #5 and it's works for me in chrome - it should be working for chrome 6 and up, because adaptation for newer chrome versions is automatic that should not be a problem. The attribute on an input field will also work for msie and firefox.

The solution in #28 will also work, but I dislike it because it will override the behaviour for the full node edit forms instead of only the two password fields.

I recommend implementation of #5 in the module.

tried and +1 to #5, this is a necessity

... and it solves this issue as well: http://drupal.org/node/938722
(menu link title is filled with username)

For those of you who have less experience with the Drupal issue tracker, a +1 is usually not enough to give the maintainer enough info (did you test the patch, or do you just like the approach, or what). If you tested the patch and believe it to be production ready then you need to change the status of the issue to "Reviewed and tested by the community" (RTBC) and give the details of your review.

Hi,

Just for those like me that are not familiar with CVS, here is the link

http://drupalcode.org/viewvc/drupal/contributions/modules/protected_node...

I downloaded the Head file which is "protected_node.module". Uploaded on my server and happy to report the issue, which indeed was not a bug but still annoying for average users, is solved.

Thanks Tolmi.

This issue makes this module nearly unusable. The author needs to warn potential users of this major glaring issue so people won't waste their time. I look forward to future releases of this module.

Edit: The fix in #5 worked perfectly

I have applied patch in #28.
Let me know whether this is enough or not.
I would prefer to avoid JavaScript since that's yet another file to load. Plus, JS may not be running on the target machine.

Thank you.
Alexis Wilke

Okay, auto-complete 'off' is in. Feel free to re-open if you still have a problem.

Thank you.
Alexis Wilke

WFM in beta3