[Koha-bugs] [Bug 19911] New: Passwords displayed to user during self-registration are not HTML-encoded
bugzilla-daemon at bugs.koha-community.org
Wed Jan 3 19:38:51 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911
Bug ID: 19911
Summary: Passwords displayed to user during self-registration
are not HTML-encoded
Change sponsored?: ---
Product: Koha
Version: 17.11
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: library at sll.texas.gov
QA Contact: testopia at bugs.koha-community.org
Created attachment 70252
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70252&action=edit
Example of the generated password not displaying properly due to the less-than
character treated as opening HTML tag
If self-registration is enabled and the PatronSelfRegistrationPrefillForm
system preference is set to "Display and prefill," self-registered users are
shown their password upon successfully registering. If the password contains a
less-than character, browsers treat this as the beginning of an HTML element,
and so the less-than character and anything after it does not display since the
password is not HTML-encoded.
If Koha is set to generate passwords automatically during self-registration
(i.e., users are not allowed or required to enter a password in the
self-registration form), any generated password containing the less-than
character will not display correctly. Users who are expected to copy/save their
password at this time cannot do so, and there is no way to recover that
generated password.
Attached is a screenshot showing what I mean. A solution would be to HTML-encode
the passwords when they are displayed as part of the self-registration process,
regardless of whether the user must verify their e-mail address first
(opac-registration-verify.pl).
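
The display failure described in this report and the effect of HTML-encoding, as an added example that is not part of the original report and is not Koha code. It is written in Python rather than Koha's Perl templates; the page fragment, the sample password and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: a generated password with '<' followed by a letter.
SAMPLE_PASSWORD = "aB3<xY9!q"

# Hypothetical stand-in for the registration confirmation fragment.
LABEL = "Your password is: "
TEMPLATE = "<p>" + LABEL + '<span id="password">{password}</span></p>'


class VisibleText(HTMLParser):
    """Collects the text nodes an HTML parser would hand to the display."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def render(password, encode):
    """Build the page fragment, optionally HTML-encoding the password."""
    value = escape(password, quote=True) if encode else password
    return TEMPLATE.format(password=value)


def displayed_password(page):
    """Return the password text that survives HTML parsing of the page."""
    parser = VisibleText()
    parser.feed(page)
    parser.close()
    return "".join(parser.chunks).split(LABEL, 1)[1]


def compare(password):
    """Show what the user sees without and with output encoding."""
    return {
        "raw": displayed_password(render(password, encode=False)),
        "encoded": displayed_password(render(password, encode=True)),
    }


if __name__ == "__main__":
    for mode, shown in compare(SAMPLE_PASSWORD).items():
        status = "intact" if shown == SAMPLE_PASSWORD else "TRUNCATED"
        print(f"{mode:8} -> {shown!r} ({status})")
```

Running the same comparison over a batch of generated passwords in a regression test catches any display path that still emits the value without encoding.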