[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2019-03-21 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Jonathan Druart  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22542

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2016-01-06 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Liz Rea  changed:

   What|Removed |Added

 Status|Pushed to Master|Pushed to Stable

--- Comment #41 from Liz Rea  ---
Pushed to 3.18.13, and released.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #40 from Galen Charlton  ---
(In reply to Frédéric Demians from comment #39)
> This patch has been pushed to 3.20.x, will be in 3.20.7.

Thanks!


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

 CC||frede...@tamil.fr, l...@catalyst.net.nz



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Galen Charlton  changed:

   What|Removed |Added

 CC||gmcha...@gmail.com

--- Comment #36 from Galen Charlton  ---
Noting/requesting that as this patch fixes a patron privacy bug, it would be
good for it to be backported.  It cherry-picks cleanly onto 3.20.x and with
only a minor merge conflict onto 3.18.x.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #37 from Frédéric Demians  ---
(In reply to Galen Charlton from comment #36)
> Noting/requesting that as this patch fixes a patron privacy bug, it would be
> good for it to be backported.  It cherry-picks cleanly onto 3.20.x and
> with only a minor merge conflict onto 3.18.x.

What is the right process for this? Do I have to wait until 3.22 RMaint pushes
this patch to its branch for pushing it to 3.20, or do I have to pick it up
directly from master?


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #38 from Katrin Fischer  ---
Hi Frederic, these patches are already in 3.22.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-12-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #39 from Frédéric Demians  ---
This patch has been pushed to 3.20.x, will be in 3.20.7.


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout

2015-11-10 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

Summary|Back-button in OPAC shows previous user's details, after LOGOUT|Back-button in OPAC shows previous user's details, after logout



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-23 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #35 from Chris Cormack  ---
(In reply to Jonathan Druart from comment #34)
> (In reply to Chris Cormack from comment #33)
> > I agree with Marc that we need to also warn the users to close the browser,
> > as I can confirm that this fix doesn't work for Firefox
> 
> What version are you using?

It is now ok in the latest version, I am running firefox developer edition,
43.0a2



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-05 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #34 from Jonathan Druart  ---
(In reply to Chris Cormack from comment #33)
> I agree with Marc that we need to also warn the users to close the browser,
> as I can confirm that this fix doesn't work for Firefox

What version are you using?



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-05 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

David Cook  changed:

   What|Removed |Added

 CC||dc...@prosentient.com.au



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Kyle M Hall  changed:

   What|Removed |Added

 CC||kyle.m.h...@gmail.com

--- Comment #30 from Kyle M Hall  ---
(In reply to Katrin Fischer from comment #29)
> I tested a few times - maybe it's a firefox thing? I was using Firefox in
> Ubuntu. It was described as a privacy measure to not request pages not
> cached automatically again.

I also was testing this patch using Chrome and Firefox on OS X. My experience
is that some pages would give the "cache miss" error in both browsers and some
would just redirect to the login screen.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #31 from Marc Véron  ---
(In reply to Kyle M Hall from comment #30)
> (In reply to Katrin Fischer from comment #29)
> > I tested a few times - maybe it's a firefox thing? I was using Firefox in
> > Ubuntu. It was described as a privacy measure to not request pages not
> > cached automatically again.
> 
> I also was testing this patch using Chrome and Firefox on OS X. My
> experience is that some pages would give the "cache miss" error in both
> browsers and some would just redirect to the login screen.

I think that happens if the page where you crawl back to is a page that was the
result of a (log-in)form. See first point on comment #19

To reproduce (Firefox 40.1 Win / Chrome 45.0.2454.101 m / ):
- Close all browser windows to have a clear base line
- Open OPAC main page
- Log in as user  with the login form at the right on the main page
- You are now on opac-user.pl
- Go to 'your fines'
- Log out
- You are redirected to the main page
- Hit back button
- You are now on opac-account.pl, it displays the login form
- Hit back button again
- In browser address field you have .../cgi-bin/koha/opac-user.pl 
  and the browser displays a message "Document expired... Try again"
- Hit "Try again"
- Browser displays a pop-up, something like "Send data again..." 
  with buttons 'Send again' / 'Cancel'
- Hit 'Send again'

Result:
- Firefox: ...you are logged in with user AAA and can browse to other pages
- Chrome: the message on .../cgi-bin/koha/opac-user.pl says something 
  like "Confirm sending data again" and the string  ERR_CACHE_MISS
- IE: the message on .../cgi-bin/koha/opac-user.pl says something like
  'Website expired... local copy no longer valid...'

Conclusion: The patches are fine to fix things for Chrome and IE (at least the
version I tested), but with FF 40.1 I was able to get back again to a page with
a valid login.

Since the browsers behave differently (maybe additionally depending on
individual browser settings), I would like to repeat my proposition from
comment #11 (in addition to the patches):

After a logout, display a message similar to the following:
"Logout privacy warning: Please close this browser window if other persons have
access to this computer."


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #33 from Chris Cormack  ---
I agree with Marc that we need to also warn the users to close the browser, as
I can confirm that this fix doesn't work for Firefox



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Tomás Cohen Arazi  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to Master
 CC||tomasco...@gmail.com

--- Comment #32 from Tomás Cohen Arazi  ---
Patches pushed to master.

Thanks Jonathan!


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #28 from Jonathan Druart  ---
(In reply to Katrin Fischer from comment #27)
> Fixes a long existing security and privacy problem, but also changes
> behaviour a bit: when you are logged in and you try to use the back button,
> you will see a warning, that the browser won't automatically request the
> page again.

I don't remember getting a warning.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #29 from Katrin Fischer  ---
I tested a few times - maybe it's a firefox thing? I was using Firefox in
Ubuntu. It was described as a privacy measure to not request pages not cached
automatically again.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #21 from Jonathan Druart  ---
Created attachment 43002
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43002=edit
Bug 5371: (follow-up) Force no caching for private pages at the OPAC

Same as previous patch for opac-messaging.pl and opac-readingrecord.pl



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #23 from Marc Véron  ---
Created attachment 43004
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43004=edit
[Signed-off] Bug 5371: Force no caching for private pages at the OPAC

In order not to slow the browsing too much, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.

Signed-off-by: Marc Véron 


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #24 from Marc Véron  ---
Created attachment 43005
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43005=edit
[Signed-off] Bug 5371: (follow-up) Force no caching for private pages at the
OPAC

Same as previous patch for opac-messaging.pl and opac-readingrecord.pl

Signed-off-by: Marc Véron 


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Marc Véron  changed:

   What|Removed |Added

  Attachment #42911 is obsolete|0   |1


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Marc Véron  changed:

   What|Removed |Added

  Attachment #43002 is obsolete|0   |1


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Marc Véron  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #22 from Jonathan Druart  ---
Marc,
Thanks for testing.
I have added the trick on the messaging and circulation history page.
I have not changed the lists/shelves page, the module and script are going to
be rewritten on another bug (bug 14544) and I don't want to introduce
conflicts.

I am not sure we should add the no-store value for the cache policy on other
pages.

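The no-store policy discussed in this thread can be checked from captured response headers. The following is an added example, not code from the Koha patches: the script list is the set of private pages named in the thread, while the host name, the sample headers and the opac-search.pl entry are constructed.

```python
"""Audit captured OPAC responses for the no-store cache policy."""
from urllib.parse import urlsplit

# Scripts the thread names as pages that show patron data.
PRIVATE_SCRIPTS = {
    "opac-account.pl",
    "opac-user.pl",
    "opac-messaging.pl",
    "opac-readingrecord.pl",
    "opac-discharge.pl",
}


def _split_unquoted(value):
    """Split a header value on commas that are not inside a quoted string."""
    items, token, in_quotes = [], [], False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            items.append("".join(token).strip())
            token = []
        else:
            token.append(ch)
    items.append("".join(token).strip())
    return [item for item in items if item]


def parse_cache_control(values):
    """Return {directive: argument-or-None}; directive names are lowercased."""
    directives = {}
    for value in values:
        for item in _split_unquoted(value):
            name, _, arg = item.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def header_values(headers, name):
    """Collect every value of a header; header names compare case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]


def classify(headers):
    """Classify a response as 'no-store', 'revalidate-only' or 'storable'."""
    cc = parse_cache_control(header_values(headers, "Cache-Control"))
    if "no-store" in cc:
        return "no-store"
    # no-cache, max-age=0 and Pragma: no-cache force revalidation, but the
    # response may still be written to the browser's cache.
    pragma = ",".join(header_values(headers, "Pragma")).lower()
    if "no-cache" in cc or cc.get("max-age") == "0" or "no-cache" in pragma:
        return "revalidate-only"
    return "storable"


def audit(responses):
    """Return (script, policy) for each private page that is not no-store."""
    findings = []
    for url, headers in responses:
        script = urlsplit(url).path.rsplit("/", 1)[-1]
        if script not in PRIVATE_SCRIPTS:
            continue  # public pages keep their normal caching
        policy = classify(headers)
        if policy != "no-store":
            findings.append((script, policy))
    return findings


# Constructed sample data: (URL, response headers) pairs, not real captures.
BASE = "https://opac.example.org/cgi-bin/koha/"
SAMPLE_RESPONSES = [
    (BASE + "opac-account.pl",
     [("Content-Type", "text/html"), ("Cache-Control", "no-cache, No-Store")]),
    (BASE + "opac-user.pl",
     [("Content-Type", "text/html"), ("Cache-Control", "no-cache")]),
    (BASE + "opac-messaging.pl",
     [("Content-Type", "text/html")]),
    # A quoted argument containing "no-store" must not count as the directive.
    (BASE + "opac-readingrecord.pl",
     [("cache-control", 'private, x-note="a,no-store"'),
      ("Cache-Control", "max-age=0")]),
    # Public page (constructed entry): outside the audit's scope.
    (BASE + "opac-search.pl?q=test",
     [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for script, policy in audit(SAMPLE_RESPONSES):
        print(f"{script}: {policy} (expected no-store)")
```
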


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

 CC||katrin.fisc...@bsz-bw.de
   Attachment #4761 is obsolete|0   |1



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #26 from Katrin Fischer  ---
Created attachment 43037
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43037=edit
[PASSED QA] Bug 5371: (follow-up) Force no caching for private pages at the
OPAC

Same as previous patch for opac-messaging.pl and opac-readingrecord.pl

Signed-off-by: Marc Véron 

Signed-off-by: Katrin Fischer 


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #27 from Katrin Fischer  ---
Fixes a long existing security and privacy problem, but also changes behaviour
a bit: when you are logged in and you try to use the back button, you will see
a warning, that the browser won't automatically request the page again.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

   Patch complexity|--- |Small patch
 Status|Signed Off  |Passed QA



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-10-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

  Attachment #43004 is obsolete|0   |1
  Attachment #43005 is obsolete|0   |1

--- Comment #25 from Katrin Fischer  ---
Created attachment 43036
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43036=edit
[PASSED QA] Bug 5371: Force no caching for private pages at the OPAC

In order not to slow the browsing too much, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.

Signed-off-by: Marc Véron 

Signed-off-by: Katrin Fischer 


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #20 from Marc Véron  ---
Sorry, I saved the changes too early.

Further testing:

- your lists: Display after hitting "Back"

- ask for a discharge: OK except for the case explained under 'your summary' in
comment #19


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #19 from Marc Véron  ---
With Firefox 40.0.3 (Win), I tested all left tabs by doing the following:

- Log in to OPAC
- Go to a tab at the left side
- Logout
- Hit browser's back button

Tabs tested:

- your summary: OK, however if you log in from the home page, then immediately
log out and then hit the back button, the browser says 'Document expired
(...) try again'. If you do so ('Send data again'), you are logged in. You can
get the same after changing to other tabs by clicking the 'Back' button until
you get 'Document expired...'

- your fines: OK *)

- your personal details: After hitting back button, I get Home > Register a new
account. I would expect a login page or the home page

- your tags: After hitting back, I see the list of personal tags, patron seems
to be logged in again (Name appears in Header). However if e.g. I try to delete
a tag, I'm redirected to the Log in page

- change your password: OK*)

- your search history: 'Back' leads me back to Home > Search history with
message 'Your catalog search history is empty'. I would expect a login page or
the home page.

- your reading history: "Back" displays the Checkout history

- your privacy: OK*)

- your purchase suggestion: After 'Back', patron seems to be logged in (Name in
header), but the page says: "You are not authorized to see pending purchase
suggestions." If I then hit the link 'New purchase suggestion' I'm redirected to
the page for anonymous suggestions (patron's name disappears from header).

- your messaging: After "Back", patron's messaging settings are displayed. If I
change them and submit changes, I get the log in screen




*) except for the case explained under 'your summary'


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #42648 is obsolete|0   |1

--- Comment #17 from Jonathan Druart  ---
Created attachment 42911
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42911=edit
Bug 5371: Force no caching for private pages at the OPAC

In order not to slow the browsing too much, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #18 from Jonathan Druart  ---
(In reply to Marc Véron from comment #16)
> I get a software error.
> 
> To reproduce:
> - Apply patch
> - Log in to OPAC
> - In left hand navigation, click on 'ask for a discharge'
> Result:
> 
> Software error:
> Global symbol "$query" requires explicit package name at
> /usr/share/kohaclone/opac/opac-discharge.pl line 102.

Oops, sorry about that Marc. Compulsive c/p always results in an error later...


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-26 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #16 from Marc Véron  ---
I get a software error.

To reproduce:
- Apply patch
- Log in to OPAC
- In left hand navigation, click on 'ask for a discharge'
Result:

Software error:
Global symbol "$query" requires explicit package name at
/usr/share/kohaclone/opac/opac-discharge.pl line 102.


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #14 from Jonathan Druart ---
Created attachment 42648
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42648=edit
Bug 5371: Force no caching for private pages at the OPAC

In order not to slow down browsing too much, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds it where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.

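The commit message above restricts the no-caching header to private pages. As an added example (not part of the patch or of Koha's code), this Python check parses Cache-Control and flags private pages that lack no-store, as well as public pages that carry it. The URL prefix, the page set and the sample responses are constructed assumptions.

```python
import re

# Script names come from the thread; the URL prefix is a constructed assumption.
PRIVATE_PAGES = {"/cgi-bin/koha/opac-account.pl", "/cgi-bin/koha/opac-discharge.pl"}

def parse_cache_control(values):
    """Merge all Cache-Control header lines into {directive: argument-or-None}."""
    directives = {}
    for value in values:
        # Split on commas, but not on commas inside a quoted argument.
        for part in re.findall(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+', value):
            name, _, arg = part.strip().partition("=")
            if name:
                directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def storable(headers):
    """True if the response may be kept by the browser and shown again later."""
    cc = parse_cache_control(v for k, v in headers if k.lower() == "cache-control")
    # no-cache only demands revalidation; no-store is what forbids keeping a copy.
    return "no-store" not in cc

def audit(responses, private_pages=PRIVATE_PAGES):
    """Return (path, finding) pairs for pages whose caching policy is wrong."""
    findings = []
    for path, headers in responses:
        if path in private_pages and storable(headers):
            findings.append((path, "private page may be stored"))
        elif path not in private_pages and not storable(headers):
            findings.append((path, "public page needlessly uncacheable"))
    return findings

# Constructed sample responses (not captured from a real Koha server).
SAMPLE = [
    ("/cgi-bin/koha/opac-account.pl", [("Cache-Control", "no-cache")]),
    ("/cgi-bin/koha/opac-discharge.pl",
     [("Cache-Control", "no-cache"), ("cache-control", "No-Store, max-age=0")]),
    ("/cgi-bin/koha/opac-main.pl", [("Cache-Control", "no-cache, no-store")]),
    ("/cgi-bin/koha/opac-search.pl", [("Cache-Control", 'private, no-cache="no-store"')]),
]

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{finding}: {path}")
```

The last sample shows why the header is parsed rather than substring-matched: there "no-store" is only the argument of no-cache, so the page stays storable.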


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Jonathan Druart  changed:

   What|Removed |Added

 Status|In Discussion   |Needs Signoff



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Jonathan Druart  changed:

   What    |Removed            |Added

   Assignee|gmcha...@gmail.com |jonathan.dru...@bugs.koha-community.org

--- Comment #15 from Jonathan Druart ---
(In reply to Jonathan Druart from comment #13)
> I have tried to set force_no_caching to output_html_with_http_headers, but I
> always get a "Document Expired" message from my browser (iceweasel), which
> is not really kind for users.

Hum, it seems I haven't tested correctly yesterday, it works quite well :)



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Jonathan Druart  changed:

   What|Removed |Added

   CC  |        |jonathan.dru...@bugs.koha-community.org

--- Comment #13 from Jonathan Druart ---
I have tried to set force_no_caching to output_html_with_http_headers, but I
always get a "Document Expired" message from my browser (iceweasel), which is
not really kind for users.



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-11 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Mason James  changed:

   What|Removed |Added

 Status|NEW |In Discussion

--- Comment #12 from Mason James  ---
(In reply to Marc Véron from comment #11)
> After a logout, there could be a message similar to the following:
> 
> "Logout privacy warning: Please close this browser window if other persons
> have access to this computer."

Marc, this is a pretty good idea :)

silly me for only considering a technical solution


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-10 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Marc Véron  changed:

   What|Removed |Added

 CC||ve...@veron.ch

--- Comment #11 from Marc Véron  ---
After a logout, there could be a message similar to the following:

"Logout privacy warning: Please close this browser window if other persons have
access to this computer."


[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-09-09 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Katrin Fischer  changed:

   What|Removed |Added

 CC||je...@bywatersolutions.com

--- Comment #10 from Katrin Fischer  ---
*** Bug 14799 has been marked as a duplicate of this bug. ***



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2015-02-10 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Owen Leonard oleon...@myacpl.org changed:

   What|Removed |Added

 CC||k...@bywatersolutions.com

--- Comment #9 from Owen Leonard oleon...@myacpl.org ---
*** Bug 13694 has been marked as a duplicate of this bug. ***



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2011-09-22 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

Mason James m...@kohaaloha.com changed:

   What|Removed |Added

Version|rel_3_2 |master

--- Comment #8 from Mason James m...@kohaaloha.com 2011-09-22 08:26:03 UTC ---
(In reply to comment #2)
> patch applied to tag 'v3.02.00'
> 
> this patch has only been tested in firefox so far, and requires a firefox
> config-change.
> 
> edit firefox's 'user.js' file and add this line to it
>  user_pref("dom.allow_scripts_to_close_windows", true);
> 
> FYI: according to the web-security forums, this is the best/only way to get
> around this problem

an update on this bug...
I've come to a situation that I can't find a solution for

the patch works *perfectly* for browsers with the
'user_pref(dom.allow_scripts_to_close_windows)' pref set to 'TRUE'

so, the good news is library-staff can force this setting on their OPAC's
browser, and this patch will work great!

the bad news is ... this patch works horribly for browsers with the pref set
to 'FALSE' (which is default) and *fails* logging out a person :/

the obvious solution here is to test whether a browser has the
'dom.allow_scripts_to_close_windows' value set to TRUE then execute this js
code, or not... 

sounds easy?, nope... 
I can't work out a technique to get the 'dom.allow_scripts_to_close_windows'
value from a browser
(my hunch is that it's probably deliberately impossible to determine that info)

so, the original security/privacy issue still remains in MASTER - but this
patch is broken



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2011-07-27 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

M. James m...@kohaaloha.com changed:

   What                         |Removed |Added

   Attachment #2733 is obsolete |0       |1

--- Comment #6 from M. James m...@kohaaloha.com 2011-07-27 22:33:28 UTC ---
Created attachment 4761
  -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4761
new patch



[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT

2011-07-27 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371

--- Comment #7 from Mason James m...@kohaaloha.com 2011-07-27 22:35:54 UTC ---
(In reply to comment #6)
> Created attachment 4761 [details]
> new patch

oops, wrong bug :) - ignore this patch for bug 6636
