ZF-2697: Password element repopulates posted value in html


This is somewhat an extension of bug:

; general form metainformation
user.login.action = "/user/login"
user.login.method = "post"

; username element
user.login.elements.username.type = "text"
user.login.elements.username.options.validators.alnum.validator = "alnum"
user.login.elements.username.options.validators.regex.validator = "regex"
user.login.elements.username.options.validators.regex.options.pattern = "/^[a-z]/i"
user.login.elements.username.options.validators.strlen.validator = "StringLength"
user.login.elements.username.options.validators.strlen.options.min = "6"
user.login.elements.username.options.validators.strlen.options.max = "20"
user.login.elements.username.options.required = true
user.login.elements.username.options.filters.lower.filter = "StringToLower"

; password element
user.login.elements.password.type = "password"
user.login.elements.password.options.validators.strlen.validator = "StringLength"
user.login.elements.password.options.validators.strlen.options.min = "6"
user.login.elements.password.options.required = true

; submit element
user.login.elements.submit.type = "submit"

$config = new Zend_Config_Ini('/path/to/config.ini', 'development')
$form = new Zend_Form($config);

if (!$form->isValid($this->getRequest()->getPost())) {
$this->view->login_form = $form;

If the password "asdf" is entered, the error message will be:

'"****" is less than 6 characters long'

which is good, but the field itself is populated. And when you look at the HTML it shows something like:

It doesn't seem to me like good practice to repopulate the password field, although I'm sure there's some situations that warrant it. If the password has failed, I find it very unlikely a user will be changing it from within the html. I would suggest not repopulating it by default, but creating an element configuration option that allows it to persist.


Fixed in trunk; password value is now always hard-coded to empty.

Clarification: the value in the view helper is always hard-coded to empty; the form can always retain the value.