[Koha-bugs] [Bug 1919] New: Form contents not escaped on login page

bugzilla-daemon at pippin.metavore.com
Thu Mar 6 00:07:42 CET 2008


http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1919

           Summary: Form contents not escaped on login page
           Product: Koha
           Version: rel_3_0
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Authentication
        AssignedTo: chris at bigballofwax.co.nz
        ReportedBy: dswhite42 at yahoo.com
         QAContact: koha-bugs at nongnu.org


I was entering in a new MARC record, and as it happened, my session expired
before I finished.  When I clicked "Save", therefore, I was taken to the
"Session timed out, please login again" page.  All good and well.

Problem is, the form that is passed into the login page does not have its
contents escaped.  Therefore if there are any characters in the MARC form like
angle-brackets, quotation marks, etc. they will break the login form (or, if
not that, then the Add Biblio form that follows it).

Attached are some screenshots showing the problem - a screenshot of the MARC
form, a screenshot of the login form, and a look at the source code of the
broken login form.




------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
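
The failure mode described in the report, as an added Perl example that is not Koha's code and not part of the original message: a login page carries a pending form value forward as a hidden input, once without escaping and once with it. The helper names, the field name `title_field` and the sample value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the characters that are significant in HTML text and quoted attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Re-emit one pending form field as a hidden input on the login page.
# $escape false reproduces the reported behaviour; true is the corrected form.
sub hidden_input {
    my ($name, $value, $escape) = @_;
    ($name, $value) = map { escape_html($_) } ($name, $value) if $escape;
    return qq{<input type="hidden" name="$name" value="$value" />};
}

# Read the value attribute back the way an HTML parser delimits it
# (up to the next double quote), then decode the entities used above.
sub parsed_value {
    my ($html) = @_;
    my ($raw) = $html =~ /value="([^"]*)"/;
    my %char = (amp => '&', lt => '<', gt => '>', quot => '"', '#39' => "'");
    $raw =~ s/&(amp|lt|gt|quot|#39);/$char{$1}/g;
    return $raw;
}

# Constructed sample input: what a cataloguer might have typed before the
# session expired.
my ($field, $typed) = ('title_field', 'The "complete" guide <2nd ed.> & index');

for my $escape (0, 1) {
    my $html = hidden_input($field, $typed, $escape);
    my $back = parsed_value($html);
    printf "%s\n  %s\n  value after re-submit: [%s] (%s)\n",
        ($escape ? 'escaped' : 'unescaped'), $html, $back,
        ($back eq $typed ? 'intact' : 'corrupted');
}
```

In the unescaped case the first double quote in the value closes the attribute, so the rest of the text spills into the login page markup and the re-submitted value is truncated.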




