WordPress.org

Make WordPress Core

Changeset 35603


Ignore:
Timestamp:
11/10/2015 08:40:18 PM (5 years ago)
Author:
ocean90
Message:

Passwords: Disable hidden input fields on profile/user edit page.

Prevents an issue where password helpers would autofill the hidden password fields and inadvertently causing password changes when editing other fields on the profile page.

Props adamsilverstein.
Fixes #33699.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/js/user-profile.js

    r34539 r35603  
    196196        } );
    197197
     198        // Disable the hidden inputs to prevent autofill and submission.
     199        $pass1.prop( 'disabled', true );
     200        $pass2.prop( 'disabled', true );
     201        $pass1Text.prop( 'disabled', true );
     202
    198203        $passwordWrapper = $pass1Row.find( '.wp-pwd' );
    199204        $generateButton  = $pass1Row.find( 'button.wp-generate-pw' );
     
    211216            $generateButton.hide();
    212217            $passwordWrapper.show();
     218
     219            // Enable the inputs when showing.
     220            $pass1.attr( 'disabled', false );
     221            $pass2.attr( 'disabled', false );
     222            $pass1Text.attr( 'disabled', false );
    213223
    214224            if ( $pass1Text.val().length === 0 ) {
     
    239249            $generateButton.show();
    240250            $passwordWrapper.hide();
     251
     252            // Disable the inputs when hiding to prevent autofill and submission.
     253            $pass1.prop( 'disabled', true );
     254            $pass2.prop( 'disabled', true );
     255            $pass1Text.prop( 'disabled', true );
    241256
    242257            resetToggle();
Note: See TracChangeset for help on using the changeset viewer.