Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#52714 closed defect (bug) (fixed)

Add New User Autofill Bug

Reported by: clonemykey's profile clonemykey Owned by: joedolson's profile joedolson
Milestone: 6.0 Priority: normal
Severity: normal Version: 5.6.2
Component: Users Keywords: has-patch needs-testing commit
Focuses: ui, administration Cc:


Right now when I click Add New User it auto-fills the username with my ADMIN username and then also shows my password in plain text.

Attachments (1)

52714.diff (2.3 KB) - added by sabernhardt 3 years ago.

Download all attachments as: .zip

Change History (13)

#1 @sabernhardt
3 years ago

  • Component changed from General to Users
  • Focuses ui administration added

#2 @mrinal013
3 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Hello clonemykey,

Thanks for submit your issue.

Sorry to say that I can't see this issue in my side.

#3 @sabernhardt
3 years ago

  • Keywords reporter-feedback added
  • Resolution invalid deleted
  • Status changed from closed to reopened

@clonemykey Which browser and/or password manager saves your username and password?

The username input currently does not discourage autocomplete, but the (plain-text) password input has autocomplete="off" (which Chrome apparently does not honor yet).

I think we could switch the password's attribute to autocomplete="new-password" instead. It's probably good to add the "off" value for the username as well, for any browser that supports it.

Last edited 3 years ago by sabernhardt (previous) (diff)

#4 @clonemykey
3 years ago

@sabernhardt, the issue is only effecting us when we use Chrome for Linux. We're currently on Version 89.0.4389.90 (Official Build) (64-bit). So, it sounds like you're on to something. Using the built-in password manager for Chrome as well.

Last edited 3 years ago by clonemykey (previous) (diff)

3 years ago

#5 @sabernhardt
3 years ago

  • Keywords has-patch needs-testing added; reporter-feedback removed

Thanks for confirming your browser.

The attached patch worked for me with Chrome (Windows) when I applied the changes to a hosted staging site. (My local installation did not autofill before or after the patch.)

Would the autocomplete_users_for_site_admins hook require any further adjustments to the patch?

Last edited 3 years ago by sabernhardt (previous) (diff)

#6 @sabernhardt
3 years ago

Related: #43886 (existing user edit screen)

#7 @sabernhardt
2 years ago

  • Milestone changed from Awaiting Review to 6.0

#8 @davidbaumwald
2 years ago

  • Owner set to davidbaumwald
  • Status changed from reopened to accepted

#9 @davidbaumwald
2 years ago

  • Keywords assigned-for-commit added

#10 @sabernhardt
2 years ago

The latest patch on #43886 includes the new-password values on the New User page (but not the off value for the username).

#11 @joedolson
2 years ago

  • Keywords commit added; assigned-for-commit removed
  • Owner changed from davidbaumwald to joedolson
  • Status changed from accepted to assigned

#12 @joedolson
2 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 53111:

Users: Use autocomplete values on user profiles.

Assign appropriate autocomplete values for new and edited user, user email, and password fields.

Props clonemykey, sabernhardt, WraithKenny, bookdude13, konradyoast.
Fixes #43886, #52714.

Note: See TracTickets for help on using tickets.