ZF-2860: (re)render the submitted password

Description

Why I want this? here is an example: registration form: username, password. validator fails: username is already in use form renders again with the username's errormessage and password input is gone. the user has to type it in again (twice for confirmation)

while this might be usefull for security reasons I prefere user friendly websites. my patch will not render the password by default, just add a setRenderPassword() method to Zend_Form_Element_Password

patch:

Index: Form/Element/Password.php
===================================================================
--- Form/Element/Password.php   (revision 8741)
+++ Form/Element/Password.php   (working copy)
@@ -40,7 +40,31 @@
      */
     public $helper = 'formPassword';
 
+    public $options = array();
+
     /**
+     * should the entered password be rerendered when form is rerendered due to error (or success)
+     *
+     * @param bool $flag
+     * @return Zend_Form_Element_Password $this
+     */
+    public function setRenderPassword($flag) {
+        // small hack. we can access attribs in Zend_View_Helper_FormPassword
+        $this->options['renderPassword'] = (bool) $flag;
+        return $this;
+    }
+    
+    /**
+     * returns whether passord will be rerendered when form is rerendered due to error (or success)
+     *
+     * @return bool
+     */
+    public function getRenderPassword() {
+        // this way unset and false will return false
+        return !empty($this->options['renderPassword']);
+    }
+
+    /**
      * Override isValid()
      *
      * Ensure that validation error messages mask password value.
Index: View/Helper/FormPassword.php
===================================================================
--- View/Helper/FormPassword.php    (revision 8741)
+++ View/Helper/FormPassword.php    (working copy)
@@ -52,9 +52,9 @@
      *
      * @return string The element XHTML.
      */
-    public function formPassword($name, $value = null, $attribs = null)
+    public function formPassword($name, $value = null, $attribs = null, $options = null)
     {
-        $info = $this->_getInfo($name, $value, $attribs);
+        $info = $this->_getInfo($name, $value, $attribs, $options);
         extract($info); // name, value, attribs, options, listsep, disable
 
         // build the element
@@ -69,11 +69,17 @@
         if (($this->view instanceof Zend_View_Abstract) && !$this->view->doctype()->isXhtml()) {
             $endTag= '>';
         }
+        
+        // for security reasons don't render value of password by default!
+        // empty returns true when renderPassword is false or not set
+        if(empty($options['renderPassword'])) {
+            $value = '';
+        }
 
         $xhtml = '_htmlAttribs($attribs)
                 . $endTag;

both ways are working:

new Zend_Form_Element_Password('password', array('renderPassword' => true));

$password = new Zend_Form_Element_Password('password');
$password ->setRenderPassword(true);

Comments

Please categorize/fix as needed.

Scheduling for next mini release.

Resolved in trunk and 1.5 release branch. You may now pass a 'renderPassword' attribute to formPassword() (or set it in your Zend_Form_Element_Password object), and the password will be re-rendered in the form.