Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-29917 prevent form autocompletion in most Moodle forms

The password autocompletion in case of Moodle makes sense only on the login page, the form autocompletion in general is most probably useful only on the user signup page.

This patch is compatible with html 5, unfortunately we have to ignore strict warnings in legacy xhtml 1.0 standard.
  • Loading branch information...
commit 43625959f72f0312f0a956f7229f5032316de3f7 1 parent ea5534f
@skodak skodak authored
View
12 lib/form/password.php
@@ -15,6 +15,16 @@ class MoodleQuickForm_password extends HTML_QuickForm_password{
*/
var $_helpbutton='';
function MoodleQuickForm_password($elementName=null, $elementLabel=null, $attributes=null) {
+ global $CFG;
+ if (empty($CFG->xmlstrictheaders)) {
+ // no standard mform in moodle should allow autocomplete of passwords
+ // this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
+ $attributes = (array)$attributes;
+ if (!isset($attributes['autocomplete'])) {
+ $attributes['autocomplete'] = 'off';
+ }
+ }
+
parent::HTML_QuickForm_password($elementName, $elementLabel, $attributes);
}
/**
@@ -48,4 +58,4 @@ function getHelpButton(){
return $this->_helpbutton;
}
}
-?>
+?>
View
10 lib/form/passwordunmask.php
@@ -15,6 +15,16 @@
class MoodleQuickForm_passwordunmask extends MoodleQuickForm_password {
function MoodleQuickForm_passwordunmask($elementName=null, $elementLabel=null, $attributes=null) {
+ global $CFG;
+ if (empty($CFG->xmlstrictheaders)) {
+ // no standard mform in moodle should allow autocomplete of passwords
+ // this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
+ $attributes = (array)$attributes;
+ if (!isset($attributes['autocomplete'])) {
+ $attributes['autocomplete'] = 'off';
+ }
+ }
+
parent::MoodleQuickForm_password($elementName, $elementLabel, $attributes);
}
View
10 lib/formslib.php
@@ -106,6 +106,16 @@ class moodleform {
* @return moodleform
*/
function moodleform($action=null, $customdata=null, $method='post', $target='', $attributes=null, $editable=true) {
+ global $CFG;
+ if (empty($CFG->xmlstrictheaders)) {
+ // no standard mform in moodle should allow autocomplete with the exception of user signup
+ // this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
+ $attributes = (array)$attributes;
+ if (!isset($attributes['autocomplete'])) {
+ $attributes['autocomplete'] = 'off';
+ }
+ }
+
if (empty($action)){
$action = strip_querystring(qualified_me());
}
View
5 lib/javascript-static.js
@@ -427,13 +427,14 @@ function unmaskPassword(id) {
try {
// first try IE way - it can not set name attribute later
if (chb.checked) {
- var newpw = document.createElement('<input type="text" name="'+pw.name+'">');
+ var newpw = document.createElement('<input type="text" autocomplete="off" name="'+pw.name+'">');
} else {
- var newpw = document.createElement('<input type="password" name="'+pw.name+'">');
+ var newpw = document.createElement('<input type="password" autocomplete="off" name="'+pw.name+'">');
}
newpw.attributes['class'].nodeValue = pw.attributes['class'].nodeValue;
} catch (e) {
var newpw = document.createElement('input');
+ newpw.setAttribute('autocomplete', 'off');
newpw.setAttribute('name', pw.name);
if (chb.checked) {
newpw.setAttribute('type', 'text');
View
2  login/signup.php
@@ -26,7 +26,7 @@ function signup_captcha_enabled() {
//HTTPS is potentially required in this page
httpsrequired();
- $mform_signup = new login_signup_form();
+ $mform_signup = new login_signup_form(null, null, 'post', '', array('autocomplete'=>'on'));
if ($mform_signup->is_cancelled()) {
redirect($CFG->httpswwwroot.'/login/index.php');

0 comments on commit 4362595

Please sign in to comment.
Something went wrong with that request. Please try again.