I've noticed an issue that appeared after installing and enabling the protected node module. I'm 99% certain this module is at least partially to blame as it started happening after I enabled the module and if I disable it then it goes away.

The problem occurs when I go to create a content type, normally an event (using the calendar and date modules). For some reason when I go to create an event it will occassionally put my username in the password field for the protected node option. The box will still be unchecked, and it only enters the info in the first password box, but it causes an error to occur if I don't delete it first before submitting the event. It also puts my username in one of the other boxes during the creation page. Specifically the time box for the "except" option for the event repeat section of the calendar/date section.

Hope this makes sense, I'm sure I didn't do a great job explaining things.

Comments

mtolmacs’s picture

mtolmacs commented
Status: Active » Closed (works as designed)

This is not the fault of the module. Your browser puts that data into the fields because the input element named as the same as the login block password field and you obviously clicked on remember the password and user on login.

Also I can't see why you think it is a critical issue as it does not prevent the usage of the module. Please use priorities honestly. Thank you!

smurray’s picture

smurray commented

To me it most definitely was a critical issue as the problem was preventing my staff from creating new content without errors. Most of them do not think to check to see if a password has been entered into the field before submitting the content, which then causes and error and most of them results in a frantic call to me. Please don't pass judgment on things such as these, as just because it is not critical in your eyes does not mean it isn't critical in mine.

Thank you...

Jean-Philippe Fleury’s picture

Jean-Philippe Fleury commented

I agree with smurray. For any node creation/modification, we must extend the "Protected node" menu and clear the password field. It's really annoying and not ergonomics. I think that the specified passwords matching function should be used only if "Node is protected" box is checked.

mtolmacs’s picture

mtolmacs commented
Assigned: Unassigned » mtolmacs
Status: Closed (works as designed) » Active

While I think semantically this is not the problem of the module, I try to hack it so it solves the problem.

emdalton’s picture

emdalton commented

I would appreciate a fix for this, as well. I can see that it is a browser interaction causing the problem, but it creates a usability issue for Protected Node. In particular, since Protected Node settings are collapsed, and most of my users don't use Protected Node most of the time, they don't understand why they can't save the node.

Also, any password being remembered by the browser is probably not the same as a password for a particular protected node, so the field should really identify itself differently.

nhck’s picture

nhck commented

Maybe it could be fixed by adding

AutoComplete="Off"

to the form field?

emdalton’s picture

emdalton commented

I just tried adding the line
'#AutoComplete' => 'Off'
here:

in protected_node_form_alter, in $form['protected_node']['password'] array, after the default_value setting

I also tried commenting out the default_value line in that function.

No luck. The field still auto-fills on FF3.

When I look at this field in Firebug, I get

<div id="edit-password-pass1-wrapper" class="form-item">
  <label for="edit-password-pass1">Password: </label>
  <input id="edit-password-pass1" class="form-text" type="password" size="20" name="password[pass1]"/>
</div>

Where does this id get set?

Here's what's being generated on the regular login page:

<div id="edit-pass-wrapper" class="form-item">
  <label for="edit-pass">
  </label>
  <input id="edit-pass" class="form-text required" type="password" tabindex="2" size="60" name="pass"/>
    <div class="description">Enter the password that accompanies your username.</div>
</div>

It's not the same ID, so why is the password getting filled in? And how can we get "AutoComplete = No" to be passed to this form in the input parameters?

Autocomplete doesn't seem to be something one can set via CSS.

emdalton’s picture

emdalton commented
Version: 5.x-1.3 » 5.x-1.4

Also, this bug is still present in 5.x-1.4.

johntseng’s picture

johntseng commented
Version: 5.x-1.4 » 6.x-1.5

To get around this problem, I changed the form from a pair of password fields that must match (password_confirm) to just a plain text field (text field). This shows the password when I'm editing it, but I don't really care if the password shows on screen when I'm editing. I changed line 111 of protected_node.module from:
'#type' => 'password_confirm',
to:
'#type' => 'textfield',

jadwigo’s picture

jadwigo commented

I thnk this is closely related to http://drupal.org/node/280535 which also has a solution

AlexisWilke’s picture

AlexisWilke commented

I applied #6 to 6.x-1.x

Let me know if that works better for you.

Thank you.
Alexis

AlexisWilke’s picture

AlexisWilke commented
Status: Active » Fixed

Okay, the auto-complete is in. If you still have a problem with this, feel free to reopen the issue. Otherwise, we're all good! 8-)

Thank you.
Alexis Wilke

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.