Make WordPress Core

Opened 9 months ago

Last modified 8 months ago

#52714 reopened defect (bug)

Add New User Autofill Bug

Reported by: clonemykey Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.6.2
Component: Users Keywords: has-patch needs-testing
Focuses: ui, administration Cc:


Right now when I click Add New User it auto-fills the username with my ADMIN username and then also shows my password in plain text.

Attachments (1)

52714.diff (2.3 KB) - added by sabernhardt 8 months ago.

Download all attachments as: .zip

Change History (7)

#1 @sabernhardt
9 months ago

  • Component changed from General to Users
  • Focuses ui administration added

#2 @mrinal013
9 months ago

  • Resolution set to invalid
  • Status changed from new to closed

Hello clonemykey,

Thanks for submit your issue.

Sorry to say that I can't see this issue in my side. https://prnt.sc/10rc5jl

#3 @sabernhardt
8 months ago

  • Keywords reporter-feedback added
  • Resolution invalid deleted
  • Status changed from closed to reopened

@clonemykey Which browser and/or password manager saves your username and password?

The username input currently does not discourage autocomplete, but the (plain-text) password input has autocomplete="off" (which Chrome apparently does not honor yet).

I think we could switch the password's attribute to autocomplete="new-password" instead. It's probably good to add the "off" value for the username as well, for any browser that supports it.

Last edited 8 months ago by sabernhardt (previous) (diff)

#4 @clonemykey
8 months ago

@sabernhardt, the issue is only effecting us when we use Chrome for Linux. We're currently on Version 89.0.4389.90 (Official Build) (64-bit). So, it sounds like you're on to something.

Version 0, edited 8 months ago by clonemykey (next)

8 months ago

#5 @sabernhardt
8 months ago

  • Keywords has-patch needs-testing added; reporter-feedback removed

Thanks for confirming your browser.

The attached patch worked for me with Chrome (Windows) when I applied the changes to a hosted staging site. (My local installation did not autofill before or after the patch.)

Would the autocomplete_users_for_site_admins hook require any further adjustments to the patch?

Last edited 8 months ago by sabernhardt (previous) (diff)

#6 @sabernhardt
8 months ago

Related: #43886 (existing user edit screen)

Note: See TracTickets for help on using tickets.