Honeypot name is currently allowed to be the same as another element name in webforms.
This causes major issues, if the honeypot name for example is called 'email', this will clear the other 'email' field on submissions allowing that value not to be submitted.
This thread has started working on it: #2324223: Warn user if certain common field names are used as Honeypot element name β
But here only 'name', 'pass' and 'website' are not allowed as names, this is only the start.
My solution,
In the honeypot_add_form_protection function, where the element is added to the form, just check if the honeypot key already exists in that form. If it does, then change the honeypot name to something that doesn't exist.
See attached patch.
Needs review
2.2
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.