https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911
Bug ID: 19911
Summary: Passwords displayed to user during self-registration
are not HTML-encoded
Change sponsored?: ---
Product: Koha
Version: 17.11
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: OPAC
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Created attachment 70252
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70252&action=edit
Example of the generated password not displaying properly due to the less-than
character treated as opening HTML tag
If self-registration is enabled and the PatronSelfRegistrationPrefillForm
system preference is set to "Display and prefill," self-registered users are
shown their password upon successfully registering. If the password contains a
less-than character, browsers treat this as the beginning of an HTML element,
and so the less-than character and anything after it does not display since the
password is not HTML-encoded.
If Koha is set to generate passwords automatically during self-registration
(i.e., users are not allowed or required to enter a password in the
self-registration form), any generated password containing the less-than
character will not display correctly. Users who are expected to copy/save their
password at this time cannot do so, and there is no way to recover that
generated password.
Attached is a screenshot showing what I mean. A solution would be to HTML-encode
the passwords when they are displayed as part of the self-registration process,
regardless of whether the user must verify their e-mail address first
(opac-registration-verify.pl).
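The display failure described in the report and the proposed encoding fix, as an added Python illustration (not Koha code, and not from the reporter): Python's HTML parser stands in for a browser to check whether the whole password is still readable on the rendered page. The page fragment, function names and sample password are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Hypothetical stand-in for the confirmation page fragment (not Koha's template).
PAGE = "<p>Your password is: {password}</p>"


class VisibleText(HTMLParser):
    """Collect only the text nodes, roughly what a user could read and copy."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def displayed_text(markup):
    parser = VisibleText()
    parser.feed(markup)
    parser.close()
    return "".join(parser.chunks)


def render_unencoded(password):
    # Behaviour described in the report: the value goes into the markup as-is.
    return PAGE.format(password=password)


def render_encoded(password):
    # Proposed behaviour: HTML-encode on output so "<" becomes "&lt;".
    return PAGE.format(password=html.escape(password, quote=True))


def survives_display(password, render):
    """True if the full password is still readable after parsing the page."""
    return password in displayed_text(render(password))


if __name__ == "__main__":
    sample = "aB3<xY9z"  # constructed sample, not a real credential
    for render in (render_unencoded, render_encoded):
        print(render.__name__, repr(displayed_text(render(sample))))
```

A check like `survives_display` can be run over every character the password generator may emit to confirm that no generated password is lost at display time.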