[Bug 1919] New: Form contents not escaped on login page
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1919 Summary: Form contents not escaped on login page Product: Koha Version: rel_3_0 Platform: PC OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Authentication AssignedTo: chris@bigballofwax.co.nz ReportedBy: dswhite42@yahoo.com QAContact: koha-bugs@nongnu.org I was entering in a new MARC record, and as it happened, my session expired before I finished. When I clicked "Save", therefore, I was taken to the "Session timed out, please login again" page. All good and well. Problem is, the form that is passed into the login page does not have its contents escaped. Therefore if there are any characters in the MARC form like angle-brackets, quotation marks, etc. they will break the login form (or, if not that, then the Add Biblio form that follows it). Attached are some screenshots showing the problem - a screenshot of the MARC form, a screenshot of the login form, and a look at the source code of the broken login form. ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
participants (1)
-
bugzilla-daemon@pippin.metavore.com