Just to add my $0.02: I agree that this is due to something beyond the
control of mediawiki and probably shouldn't be worked around -
Clearing the box down with JS should be easy but if you're going to wait
more than a few milliseconds to do it, an experienced user may well have
started to type into the box by that time - and silently chopping off
the first few chars of your old password is not a great plan. (This is
more likely to happen if it's driven by the page's onload event which
won't fire until after all images etc... Are loaded meaning the PW box
itself may have been visible for a number of seconds on a slow
connection)
I was under the impression that FF and other browsers remembered
passwords based on the URL and field names (please correct me if I'm
wrong) so I'm not sure why it's pre-populating the password on that page
(the edit box has a different name to the login page) unless someone has
specifically prompted the browser to remember their password on the
change password (preferences) page - which seems to me to be utterly
pointless in the first place.
Can you clarify why exactly FF is remembering the password on that page
- did you ask it to?
-----Original Message-----
From: wikitech-l-bounces(a)lists.wikimedia.org
[mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Petr Kadlec
Sent: 05 November 2008 17:42
To: Wikimedia developers
Subject: Re: [Wikitech-l] Bug in user prefereces
2008/11/5 Aryeh Gregor <Simetrical+wikilist(a)gmail.com>om>:
On Wed, Nov 5, 2008 at 12:28 PM, Petr Kadlec
<petr.kadlec(a)gmail.com>
wrote:
> If the password boxes are really empty, the system
assumes that.
> However, if you use some password-remembering browser (such as
> Firefox), it "helpfully" pre-fills the "current password" box,
leading
to this. At
least, that is what happened to me. Be sure to manually
clear the "old password" editbox before changing other preferences,
and everything should work fine.
That still seems like a bug on our part. The extra (and unintuitive)
step shouldn't be necessary.
And what do you think we should do? From our viewpoint, the situation
is identical to the user trying to set his password to empty string.
So, if a user really does try to do that, should we just ignore it,
not telling him anything? Hmmm... We could say "if you tried to clear
your password, we ignored it, as that is not allowed, but other
preferences have been changed successfully, but I am not sure how much
of an improvement is that. We might also try to outsmart Firefox by
clearing the editbox explicitly using JavaScript shortly after the
page is loaded. (I don't know if that would even work, but maybe worth
an attempt.)
-- [[cs:User:Mormegil | Petr Kadlec]]
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
P Please think of the environment before you print this email
________________________________________________________________________
This email and any files transmitted with it are private and intended solely for the use
of the individual or entity to whom they are addressed. If you have received this email in
error please return it to the address it came from telling them it is not for you and then
delete it from your system.
This footnote also confirms that this email message has been swept for the presence of
computer viruses but this in no way indicates that the message is virus free.
Teleperformance is a trading style of MM Teleperformance Ltd: Reg No. 02060289 England:
Registered Office: St James House, Moon Street, Bristol, BS2 8QY. VAT No.763 0980 18
_______________________________________________________________________