From da1e91e84269a034ac2d3d48f0016718e2150ab7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Fri, 1 Apr 2016 14:54:15 +0300
Subject: [PATCH] Add flag to HTMLTextField to not persist submitted data

Sometimes the submitted text is not expected to show up as default
when the form is redisplayed after an error; password fields are
the obvious example for this, but in some cases (e.g. two-factor
token) it is useful for a normal text field to act like that as well.

The patch adds a new 'persistent' flag to HTMLTextField, which
defaults to false for passwords and true otherwise.

Change-Id: If0a52f61aa061bbb55bfdc76321ace7d3eaed934
---
 includes/htmlform/HTMLTextField.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/includes/htmlform/HTMLTextField.php b/includes/htmlform/HTMLTextField.php
index 4d5bcabbc8..671dfdeee2 100644
--- a/includes/htmlform/HTMLTextField.php
+++ b/includes/htmlform/HTMLTextField.php
@@ -14,7 +14,19 @@ class HTMLTextField extends HTMLFormField {
 		return null;
 	}
 
+	public function isPersistent() {
+		if ( isset( $this->mParams['persistent'] ) ) {
+			return $this->mParams['persistent'];
+		}
+		// don't put passwords into the HTML body, they could get cached or otherwise leaked
+		return !( isset( $this->mParams['type'] ) && $this->mParams['type'] === 'password' );
+	}
+
 	function getInputHTML( $value ) {
+		if ( !$this->isPersistent() ) {
+			$value = '';
+		}
+
 		$attribs = [
 				'id' => $this->mID,
 				'name' => $this->mName,
@@ -85,6 +97,10 @@ class HTMLTextField extends HTMLFormField {
 	}
 
 	function getInputOOUI( $value ) {
+		if ( !$this->isPersistent() ) {
+			$value = '';
+		}
+
 		$attribs = $this->getTooltipAndAccessKey();
 
 		if ( $this->mClass !== '' ) {
-- 
2.20.1