Zend Framework

• Type: Patch
• Status: Resolved
• Priority: Minor
• Resolution: Fixed
• Affects Version/s: 1.5.0RC1
• Fix Version/s: 1.5.2
• Component/s: Zend_Form, Zend_View
• Labels:

  None

Why I want this?
here is an example:
registration form: username, password.
validator fails: username is already in use
form renders again with the username's errormessage and password input is gone. the user has to type it in again (twice for confirmation)

while this might be usefull for security reasons I prefere user friendly websites.
my patch will not render the password by default, just add a setRenderPassword() method to Zend_Form_Element_Password

patch:

Index: Form/Element/Password.php
===================================================================
--- Form/Element/Password.php	(revision 8741)
+++ Form/Element/Password.php	(working copy)
@@ -40,7 +40,31 @@
      */
     public $helper = 'formPassword';
 
+    public $options = array();
+
     /**
+     * should the entered password be rerendered when form is rerendered due to error (or success)
+     *
+     * @param bool $flag
+     * @return Zend_Form_Element_Password $this
+     */
+    public function setRenderPassword($flag) {
+        // small hack. we can access attribs in Zend_View_Helper_FormPassword
+        $this->options['renderPassword'] = (bool) $flag;
+        return $this;
+    }
+    
+    /**
+     * returns whether passord will be rerendered when form is rerendered due to error (or success)
+     *
+     * @return bool
+     */
+    public function getRenderPassword() {
+        // this way unset and false will return false
+        return !empty($this->options['renderPassword']);
+    }
+
+    /**
      * Override isValid()
      *
      * Ensure that validation error messages mask password value.
Index: View/Helper/FormPassword.php
===================================================================
--- View/Helper/FormPassword.php	(revision 8741)
+++ View/Helper/FormPassword.php	(working copy)
@@ -52,9 +52,9 @@
      *
      * @return string The element XHTML.
      */
-    public function formPassword($name, $value = null, $attribs = null)
+    public function formPassword($name, $value = null, $attribs = null, $options = null)
     {
-        $info = $this->_getInfo($name, $value, $attribs);
+        $info = $this->_getInfo($name, $value, $attribs, $options);
         extract($info); // name, value, attribs, options, listsep, disable
 
         // build the element
@@ -69,11 +69,17 @@
         if (($this->view instanceof Zend_View_Abstract) && !$this->view->doctype()->isXhtml()) {
             $endTag= '>';
         }
+        
+        // for security reasons don't render value of password by default!
+        // empty returns true when renderPassword is false or not set
+        if(empty($options['renderPassword'])) {
+            $value = '';
+        }
 
         $xhtml = '<input type="password"'
                 . ' name="' . $this->view->escape($name) . '"'
                 . ' id="' . $this->view->escape($id) . '"'
-                . ' value=""'                             // don't render value of password!
+                . ' value="' . $this->view->escape($value) . '"'
                 . $disabled
                 . $this->_htmlAttribs($attribs)
                 . $endTag;

both ways are working:

new Zend_Form_Element_Password('password', array('renderPassword' => true));

$password = new Zend_Form_Element_Password('password');
$password ->setRenderPassword(true);

• Assignee:

  Matthew Weier O'Phinney

  Reporter:

  Alexander Lanin

• Created:

  11/Mar/08 9:48 AM

  Updated:

  05/May/08 11:44 AM

  Resolved:

  02/May/08 12:18 PM