Last modified: 2011-03-13 18:05:09 UTC
As you may be aware, some of the more recent and popular browsers (unlike lynx) fill in saved usernames & passwords automatically on login pages. This does also happen on Special:Preferences; browsers fill in "Old password:" in the section "User profile" -> "Change password". When the user changes anything in his preferences, but omit changing anything in the "Change password" section, saving their preferences fail ("Incorrect password entered. Please try again."). This is because MediaWiki assumes that the user wants a new password if he fills in any of the "Change password"-fields; however browsers do not automatically fill in the "New password:" and "Retype new password:" so it looks to MediaWiki as if the user tried to change his password to void (which is an invalid request). I think a more practical behavior for MediaWiki would be to ignore a "Change password"-request, if only "Old password:" has been filled in.
This is clearly wrong behavior on the part of the browsers. I think this was discussed recently in a duplicate bug.
Well, just because some browsers don't do their job correctly doesn't mean we can just look away. If Internet Explorer isn't compliant to XHTML specifications we also can't just say "Sorry, IE is not supported as it isn't compliant to standards". I've encountered multiple persons having this problem and we can't just expect them to solve this problem themselves. Besides, I don't really see the disadvantage of my proposal: It should be obvious to everyone that you can't change your password to void, and therefore it is unnecessary to warn people about it.
XHTML isn't a good example. The issue her is a browser performing user behavior for the user, in a way that the server cannot tell if it a the browser or the user. Also, we are dealing with passwords, so I'd be inherently careful about hacks around sloppy browser features.
