[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

bugzilla-daemon at bugs.koha-community.org
Thu Sep 22 10:26:03 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Mason James <mtj at kohaaloha.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|rel_3_2                     |master

--- Comment #8 from Mason James <mtj at kohaaloha.com> 2011-09-22 08:26:03 UTC ---
(In reply to comment #2)
> patch applied to tag 'v3.02.00' 
> 
> this patch has only been tested in firefox so far, and requires a firefox
> config-change.
> 
> edit firefox's 'user.js' file and add this line to it
>  user_pref("dom.allow_scripts_to_close_windows", true);
> 
> FYI: according to the web-security forums, this is the best/only way to get
> around this problem

an update on this bug...
I've come to a situation that I can't find a solution for

the patch works *perfectly* for browsers with the
'user_pref("dom.allow_scripts_to_close_windows")' pref set to 'TRUE'

so, the good news is library-staff can force this setting on their OPAC's
browser, and this patch will work great!

the bad news is ... this patch works horribly for browsers with the pref set
to 'FALSE' (which is default) and *fails* logging out a person :/

the obvious solution here is to test whether a browser has the
'dom.allow_scripts_to_close_windows' value set to TRUE then execute this js
code, or not... 

sounds easy? nope...
I can't work out a technique to get the 'dom.allow_scripts_to_close_windows'
value from a browser
(my hunch is that it's probably deliberately impossible to determine that info)

so, the original security/privacy issue still remains in MASTER - but this
patch is broken
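
Page script cannot read the pref's value, but it can observe whether a close request took effect. The following is an added example, not part of the original comment or the Koha patch: it calls `close()`, re-checks `closed` after a delay, and navigates away if the window is still open. The names `closeOrFallback` and `makeFakeWindow` and the `/logged-out` URL are assumptions for illustration.

```javascript
// Added example; closeOrFallback, makeFakeWindow and "/logged-out" are
// hypothetical names, not taken from Koha.

// Ask the browser to close `win`. A blocked close() is silently ignored, so
// re-check win.closed after a short delay and navigate away if still open.
function closeOrFallback(win, fallbackUrl, schedule, delayMs) {
  schedule = schedule || function (fn, ms) { return setTimeout(fn, ms); };
  delayMs = delayMs === undefined ? 250 : delayMs;
  var result = { outcome: "pending" };
  try {
    win.close();
  } catch (e) {
    // Treat an exception the same as a blocked close.
  }
  schedule(function () {
    if (win.closed) {
      result.outcome = "closed";
      return;
    }
    result.outcome = "fallback";
    // replace() overwrites the current history entry instead of adding one.
    win.location.replace(fallbackUrl);
  }, delayMs);
  return result;
}

// Constructed stand-in for a browser window, so the logic runs under Node.
function makeFakeWindow(scriptsMayClose) {
  var w = {
    closed: false,
    navigatedTo: null,
    close: function () { if (scriptsMayClose) { w.closed = true; } },
    location: { replace: function (url) { w.navigatedTo = url; } }
  };
  return w;
}

// Demo with a synchronous scheduler (constructed input, not real browser data).
var runNow = function (fn) { fn(); };
var blocked = makeFakeWindow(false);
console.log(closeOrFallback(blocked, "/logged-out", runNow).outcome, blocked.navigatedTo);
var allowed = makeFakeWindow(true);
console.log(closeOrFallback(allowed, "/logged-out", runNow).outcome, allowed.navigatedTo);
```

In a page the call would be `closeOrFallback(window, url)`. The fallback navigation replaces only the current history entry; earlier entries remain reachable with the back button.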
