[Koha-bugs] [Bug 1919] New: Form contents not escaped on login page
bugzilla-daemon at pippin.metavore.com
Thu Mar 6 00:07:42 CET 2008
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1919
Summary: Form contents not escaped on login page
Product: Koha
Version: rel_3_0
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Authentication
AssignedTo: chris at bigballofwax.co.nz
ReportedBy: dswhite42 at yahoo.com
QAContact: koha-bugs at nongnu.org
I was entering in a new MARC record, and as it happened, my session expired
before I finished. When I clicked "Save", therefore, I was taken to the
"Session timed out, please login again" page. All good and well.
Problem is, the form that is passed into the login page does not have its
contents escaped. Therefore if there are any characters in the MARC form like
angle-brackets, quotation marks, etc. they will break the login form (or, if
not that, then the Add Biblio form that follows it).
Attached are some screenshots showing the problem - a screenshot of the MARC
form, a screenshot of the login form, and a look at the source code of the
broken login form.
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
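The failure described in this report, as an added example that is not part of the original message and is not Koha's code (Koha is written in Perl; Python is used here for illustration). It carries a timed-out form over into the login page as hidden fields, with and without escaping, then parses the page back to see whether the values survive. Field names, the form action and the sample values are constructed.

```python
import html
from html.parser import HTMLParser

def render_login_form(pending, escape=True):
    """Rebuild the timed-out request as hidden fields inside the login form."""
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    rows = ['<form method="post" action="/login">']  # hypothetical action URL
    for name, value in pending:
        rows.append('<input type="hidden" name="%s" value="%s">'
                    % (enc(name), enc(value)))
    rows.append('<input type="text" name="userid">')
    rows.append('<input type="password" name="password">')
    rows.append('<input type="submit" value="Login">')
    rows.append('</form>')
    return "\n".join(rows)

class HiddenFields(HTMLParser):
    """Collect hidden inputs as an HTML parser sees them after decoding."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.fields.append((a.get("name"), a.get("value")))

def hidden_fields(page):
    parser = HiddenFields()
    parser.feed(page)
    parser.close()
    return parser.fields

def survives_round_trip(pending, escape):
    """True if every carried-over field comes back out of the page unchanged."""
    return hidden_fields(render_login_form(pending, escape)) == list(pending)

# Constructed sample: MARC-style values with quotes, angle brackets, ampersand.
SAMPLE = [
    ("tag_245_subfield_a", 'The "annotated" guide <2nd ed.>'),
    ("tag_260_subfield_b", "Smith & Sons"),
]

if __name__ == "__main__":
    print("unescaped survives:", survives_round_trip(SAMPLE, escape=False))
    print("escaped survives:  ", survives_round_trip(SAMPLE, escape=True))
```

Running the round-trip check against every template that re-emits request parameters catches this class of bug before a user's data is truncated or markup is interpreted by the browser.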