Just to add my $0.02: I agree that this is due to something beyond the control of MediaWiki and probably shouldn't be worked around.
Clearing the box down with JS should be easy, but if you're going to wait more than a few milliseconds to do it, an experienced user may well have started to type into the box by that time, and silently chopping off the first few chars of your old password is not a great plan. (This is more likely to happen if it's driven by the page's onload event, which won't fire until after all images etc. are loaded, meaning the PW box itself may have been visible for a number of seconds on a slow connection.)
I was under the impression that FF and other browsers remembered passwords based on the URL and field names (please correct me if I'm wrong) so I'm not sure why it's pre-populating the password on that page (the edit box has a different name to the login page) unless someone has specifically prompted the browser to remember their password on the change password (preferences) page - which seems to me to be utterly pointless in the first place.
Can you clarify why exactly FF is remembering the password on that page - did you ask it to?
-----Original Message-----
From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Petr Kadlec
Sent: 05 November 2008 17:42
To: Wikimedia developers
Subject: Re: [Wikitech-l] Bug in user prefereces
2008/11/5 Aryeh Gregor Simetrical+wikilist@gmail.com:
On Wed, Nov 5, 2008 at 12:28 PM, Petr Kadlec petr.kadlec@gmail.com wrote:
If the password boxes are really empty, the system assumes that. However, if you use some password-remembering browser (such as Firefox), it "helpfully" pre-fills the "current password" box, leading to this. At least, that is what happened to me. Be sure to manually clear the "old password" editbox before changing other preferences, and everything should work fine.
That still seems like a bug on our part. The extra (and unintuitive) step shouldn't be necessary.
And what do you think we should do? From our viewpoint, the situation is identical to the user trying to set his password to empty string.
So, if a user really does try to do that, should we just ignore it, not telling him anything? Hmmm... We could say "if you tried to clear your password, we ignored it, as that is not allowed, but other preferences have been changed successfully", but I am not sure how much of an improvement that is. We might also try to outsmart Firefox by clearing the editbox explicitly using JavaScript shortly after the page is loaded. (I don't know if that would even work, but maybe worth an attempt.)
-- [[cs:User:Mormegil | Petr Kadlec]]
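The JavaScript clearing idea raised in this thread, with the typing race taken into account, as an added example that is not part of the original messages and not MediaWiki code. The helper name `installAutofillGuard` and the element id `old-password` are hypothetical, and the example assumes browser autofill sets the field value without dispatching `keydown`, `paste` or `drop` events.

```javascript
// Added example (not MediaWiki code). installAutofillGuard and the element
// id "old-password" are hypothetical names.
//
// Assumption: browser autofill sets the value without dispatching keydown,
// paste or drop on the field, so any of those events means a real user.
function installAutofillGuard(field) {
  let userTouched = false;
  const markTouched = () => { userTouched = true; };
  for (const type of ['keydown', 'paste', 'drop']) {
    field.addEventListener(type, markTouched);
  }
  // Returns true only when a pre-filled value was actually wiped.
  return function clearIfUntouched() {
    if (userTouched || field.value === '') {
      return false; // never truncate something the user has started typing
    }
    field.value = '';
    return true;
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== 'undefined') {
  // DOMContentLoaded fires before images finish loading, unlike onload,
  // which keeps the window for the race small.
  document.addEventListener('DOMContentLoaded', () => {
    const field = document.getElementById('old-password');
    if (!field) return;
    const clearIfUntouched = installAutofillGuard(field);
    clearIfUntouched();
    // Assumption: the browser may fill the field slightly later, so retry
    // once; the guard makes the retry a no-op if the user has begun typing.
    setTimeout(clearIfUntouched, 250);
  });
}
```

Without JavaScript the field stays pre-filled, so the server still has to handle a filled "old password" with an empty new password.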