[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Liz Reachanged: What|Removed |Added CC||l...@catalyst.net.nz --- Comment #19 from Liz Rea --- Pushed to 3.18.x, is in 3.18.12. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Chris Cormackchanged: What|Removed |Added CC||ch...@bigballofwax.co.nz Status|Pushed to Master|Pushed to Stable --- Comment #18 from Chris Cormack --- Pushed to 3.20.x will be in 3.20.5 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Tomás Cohen Arazichanged: What|Removed |Added Status|Passed QA |Pushed to Master CC||tomasco...@gmail.com --- Comment #17 from Tomás Cohen Arazi --- Patches pushed to master. Thanks Jonathan! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added Status|Failed QA |Signed Off Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added Attachment #42194|0 |1 is obsolete|| --- Comment #16 from Marcel de Rooy --- Created attachment 42325 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42325=edit Bug 14509: (follow-up) Reject invalid passwords The members.js was not included in member-password.tt And it cannot, there are specific code which cannot be used outside of memberentry.tt Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #15 from Marcel de Rooy--- Created attachment 42324 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42324=edit Bug 14509: Reject invalid passwords Bug 10177 rejects password with leading or trailing whitespaces, but only on the member-password page. It's not consistent to only do this check on 1 place. This patch adds the check for the 2 other places: memberentry and at the OPAC. Test plan: 1/ Edit a patron and set a password with leading and/or trailing whitespaces. You should not be allowed to do it (no server side check). 2/ Same at the OPAC ("Change you password" tab). Here there is a server side check. Followed test plan. Works as expected. Signed-off-by: Marc Véron Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added Attachment #41295|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #14 from Jonathan Druart--- Marcel, you should get the JS alert preventing the form to be submitted. Are you sure you have correctly refreshed the cache? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added Status|Signed Off |Failed QA CC||m.de.r...@rijksmuseum.nl --- Comment #13 from Marcel de Rooy --- member-password and member-entry are not consistent: member-password does not allow trailing space, but member-entry does ... member-entry: 1234 becomes $2a$08$se1EC5tmOPHRh2NKoHlVVu4UWzq.SBTh1zY/qjQ94qzZPOd20HcW2 1234 becomes $2a$08$0nW80AYBaRFf5MEVoesp0uzMAGYlTZiZDlpTl4bjQNx7bhIGGS6FW FQA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marcel de Rooychanged: What|Removed |Added QA Contact|testo...@bugs.koha-communit |m.de.r...@rijksmuseum.nl |y.org | -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #12 from Jonathan Druart--- Created attachment 42194 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42194=edit Bug 14509: (follow-up) Reject invalid passwords The members.js was not included in member-password.tt And it cannot, there are specific code which cannot be used outside of memberentry.tt -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Jonathan Druartchanged: What|Removed |Added Status|Failed QA |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Katrin Fischerchanged: What|Removed |Added Status|Signed Off |Failed QA --- Comment #11 from Katrin Fischer --- Opac works great, but I can't trigger the message changing my password from the 'Change password' page in staff (http://localhost:8080/cgi-bin/koha/members/member-password.pl?member=1) It seems to work alright without this patch. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #10 from Katrin Fischer--- Maybe it could be a good enh to add something like: "Your password hasn't been changed." to the message in the OPAC. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Joonas Kylmälä j.kylm...@gmail.com changed: What|Removed |Added See Also||http://bugs.koha-community. ||org/bugzilla3/show_bug.cgi? ||id=14620 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #9 from Joonas Kylmälä j.kylm...@gmail.com --- Well it doesn't (In reply to Jonathan Druart from comment #8) The intranet side does not work if JS is disabled. It works and looks actually pretty ok, from the whole process of finding the patron with the search bar in the top to changing the password. But I also think it is not so urgent to do the server side check. However, there is bug 14620, so if it goes to upstream then maybe the password validation could go there and then it could check also for the spaces :) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #8 from Jonathan Druart jonathan.dru...@bugs.koha-community.org --- The intranet side does not work if JS is disabled. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #6 from Jonathan Druart jonathan.dru...@bugs.koha-community.org --- (In reply to Joonas Kylmälä from comment #5) (In reply to Owen Leonard from comment #4) (In reply to Joonas Kylmälä from comment #3) Shouldn't we change it to server side as it looks like all the other fields are checked that way. There are changes to the template and to opac-passwd.pl. To confirm, disable JavaScript and see if the server-side check is working correctly as well. opac-passwd.pl is for the end user server side check, right? I disabled JavaScript in the staff side and there wasn't any check from the server side, it allowed to change the password (this was also mentioned in the test plan). So should we change the code so that it checks for the whitespaces in the server side when the password is changed from the staff view? If you like, you can provide it. But I don't know why a librarian will force a password if the application denies it. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #7 from Joonas Kylmälä j.kylm...@gmail.com --- (In reply to Jonathan Druart from comment #6) (In reply to Joonas Kylmälä from comment #5) (In reply to Owen Leonard from comment #4) (In reply to Joonas Kylmälä from comment #3) Shouldn't we change it to server side as it looks like all the other fields are checked that way. There are changes to the template and to opac-passwd.pl. To confirm, disable JavaScript and see if the server-side check is working correctly as well. opac-passwd.pl is for the end user server side check, right? I disabled JavaScript in the staff side and there wasn't any check from the server side, it allowed to change the password (this was also mentioned in the test plan). So should we change the code so that it checks for the whitespaces in the server side when the password is changed from the staff view? If you like, you can provide it. But I don't know why a librarian will force a password if the application denies it. Librarian doesn't need to force the password, only use a browser where the JavaScript is disabled. So I give one vote for the server side check. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Joonas Kylmälä j.kylm...@gmail.com changed: What|Removed |Added CC||j.kylm...@gmail.com --- Comment #3 from Joonas Kylmälä j.kylm...@gmail.com --- Attachment 41295 uses client side checking for the whitespaces in the staff side password changing view. Shouldn't we change it to server side as it looks like all the other fields are checked that way. I think it would be more consistent. What do you think? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #4 from Owen Leonard oleon...@myacpl.org --- (In reply to Joonas Kylmälä from comment #3) Shouldn't we change it to server side as it looks like all the other fields are checked that way. There are changes to the template and to opac-passwd.pl. To confirm, disable JavaScript and see if the server-side check is working correctly as well. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #5 from Joonas Kylmälä j.kylm...@gmail.com --- (In reply to Owen Leonard from comment #4) (In reply to Joonas Kylmälä from comment #3) Shouldn't we change it to server side as it looks like all the other fields are checked that way. There are changes to the template and to opac-passwd.pl. To confirm, disable JavaScript and see if the server-side check is working correctly as well. opac-passwd.pl is for the end user server side check, right? I disabled JavaScript in the staff side and there wasn't any check from the server side, it allowed to change the password (this was also mentioned in the test plan). So should we change the code so that it checks for the whitespaces in the server side when the password is changed from the staff view? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #2 from Marc Véron ve...@veron.ch --- Created attachment 41295 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=41295action=edit [Signed-off] Bug 14509: Reject invalid passwords Bug 10177 rejects password with leading or trailing whitespaces, but only on the member-password page. It's not consistent to only do this check on 1 place. This patch adds the check for the 2 other places: memberentry and at the OPAC. Test plan: 1/ Edit a patron and set a password with leading and/or trailing whitespaces. You should not be allowed to do it (no server side check). 2/ Same at the OPAC (Change you password tab). Here there is a server side check. Followed test plan. Works as expected. Signed-off-by: Marc Véron ve...@veron.ch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marc Véron ve...@veron.ch changed: What|Removed |Added CC||ve...@veron.ch Attachment #40993|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Marc Véron ve...@veron.ch changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 --- Comment #1 from Jonathan Druart jonathan.dru...@bugs.koha-community.org --- Created attachment 40993 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=40993action=edit Bug 14509: Reject invalid passwords Bug 10177 rejects password with leading or trailing whitespaces, but only on the member-password page. It's not consistent to only do this check on 1 place. This patch adds the check for the 2 other places: memberentry and at the OPAC. Test plan: 1/ Edit a patron and set a password with leading and/or trailing whitespaces. You should not be allowed to do it (no server side check). 2/ Same at the OPAC (Change you password tab). Here there is a server side check. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Jonathan Druart jonathan.dru...@bugs.koha-community.org changed: What|Removed |Added Assignee|gmcha...@gmail.com |jonathan.dru...@bugs.koha-c ||ommunity.org CC||jonathan.dru...@bugs.koha-c ||ommunity.org -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 14509] Koha still allows spaces at the end, beginning or as your password
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14509 Katrin Fischer katrin.fisc...@bsz-bw.de changed: What|Removed |Added See Also||http://bugs.koha-community. ||org/bugzilla3/show_bug.cgi? ||id=10177 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/