Hi, all. Our library uses self-registration quite a bit, and I've recently 
stumbled upon a bug that can occur when Koha generates a random password for a 
user during self-registration and attempts to display it to the user since 
these passwords are not HTML-encoded. I have documented the bug here: 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911.



Basically, the PatronSelfRegistrationPrefillForm preference can be set so that 
self-registered patrons are shown their password upon creating an account. This 
setting is necessary at our library because we do not allow patrons to select 
their own passwords during self-registration due to bug 19845, 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845.



If the password that is generated randomly by Koha contains the less-than 
character, <, browsers think that this is the beginning of an HTML element, so 
the less-than character and anything after it are not displayed to the user. 
This means that users are not shown their full password!


This screenshot illustrates what I'm describing: 
https://i.imgur.com/hlKpU1I.png.



Arturo Longoria
Reference Librarian/Web Manager
Texas State Law Library
www.sll.texas.gov<http://www.sll.texas.gov/>

_______________________________________________
Koha mailing list  http://koha-community.org
[email protected]
https://lists.katipo.co.nz/mailman/listinfo/koha

Reply via email to