[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Fridolin SOMERSchanged: What|Removed |Added CC||fridolin.som...@biblibre.co ||m --- Comment #15 from Fridolin SOMERS --- Pushed to 17.05.x for v17.05.09 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Nick Clemenschanged: What|Removed |Added Status|Pushed to Master|Pushed to Stable CC||n...@bywatersolutions.com --- Comment #14 from Nick Clemens --- Awesome work all! Pushed to Stable for 17.11.02 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Status|Passed QA |Pushed to Master --- Comment #13 from Jonathan Druart --- Pushed to master for 18.05, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Katrin Fischerchanged: What|Removed |Added Status|Signed Off |Passed QA --- Comment #12 from Katrin Fischer --- Thx, Arturo, for documenting your tests and the sign-off! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Katrin Fischerchanged: What|Removed |Added Attachment #70308|0 |1 is obsolete|| --- Comment #10 from Katrin Fischer --- Created attachment 70445 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70445=edit Bug 19911: Do not escape html characters when saving passwords When the password is not generated automatically, we should not escape the html characters. Otherwise it will be changed without any warnings. Signed-off-by: Arturo Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Katrin Fischerchanged: What|Removed |Added Attachment #70309|0 |1 is obsolete|| --- Comment #11 from Katrin Fischer --- Created attachment 70446 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70446=edit Bug 19911: Escape password value during self-registration confirmation The password must be correctly escape, it can contains html character and break the display. Test plan: Apply first patch and confirm that the display is broken Apply second patch (this one) and confirm that the display is fixed Signed-off-by: Arturo Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Katrin Fischerchanged: What|Removed |Added CC||katrin.fisc...@bsz-bw.de QA Contact|testo...@bugs.koha-communit |katrin.fisc...@bsz-bw.de |y.org | -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #9 from Arturo--- Just tested again and it looks great to me. Thank you for your work on this, Jonathan! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #8 from sandbo...@biblibre.com--- Created attachment 70309 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70309=edit Bug 19911: Escape password value during self-registration confirmation The password must be correctly escape, it can contains html character and break the display. Test plan: Apply first patch and confirm that the display is broken Apply second patch (this one) and confirm that the display is fixed Signed-off-by: Arturo -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #7 from sandbo...@biblibre.com--- Created attachment 70308 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70308=edit Bug 19911: Do not escape html characters when saving passwords When the password is not generated automatically, we should not escape the html characters. Otherwise it will be changed without any warnings. Signed-off-by: Arturo -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 sandbo...@biblibre.comchanged: What|Removed |Added Attachment #70289|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 sandbo...@biblibre.comchanged: What|Removed |Added CC||sandbo...@biblibre.com Status|Needs Signoff |Signed Off --- Comment #6 from sandbo...@biblibre.com --- Patch tested with a sandbox, by Arturo -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 sandbo...@biblibre.comchanged: What|Removed |Added Attachment #70271|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Depends on||19918 --- Comment #5 from Jonathan Druart --- (In reply to Arturo from comment #3) > Thank you for the patches, Jonathan! I've tested this out on a sandbox and > it works great! There is only one issue that I found -- the tag on > line 45 of opac-registration-confirmation.tt is missing a closing > tag. Right now both of the tags are opening tags, so it is causing an HTML > validation error. Well spotted! I have opened, filled and pushed bug 19918 to fix that. And rebased the patch on top. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19918 [Bug 19918] span tag not closed in opac-registration-confirmation.tt -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Attachment #70253|0 |1 is obsolete|| --- Comment #4 from Jonathan Druart --- Created attachment 70289 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70289=edit Bug 19911: Escape password value during self-registration confirmation The password must be correctly escape, it can contains html character and break the display. Test plan: Apply first patch and confirm that the display is broken Apply second patch (this one) and confirm that the display is fixed -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #3 from Arturo--- Thank you for the patches, Jonathan! I've tested this out on a sandbox and it works great! There is only one issue that I found -- the tag on line 45 of opac-registration-confirmation.tt is missing a closing tag. Right now both of the tags are opening tags, so it is causing an HTML validation error. Despite that, I was able to complete the detailed test plan below and found no errors. These patches work both when e-mail verification is required and when it is not. They also work when the user supplies a password and when it is randomly generated by Koha. My full test plan is below. These are the sample passwords I tested with: <%20> password link Test plan: 1. Make sure a valid e-mail is stored in KohaAdminEmailAddress. 2. Set OpacPublic to Enable. 3. Set PatronSelfRegistration to Allow. 4. Be sure there is a valid patron category in PatronSelfRegistrationDefaultCategory. 5. Set PatronSelfRegistrationBorrowerMandatoryField to include at least "firstname|surname|email|password" so that these are required fields. 6. Set PatronSelfRegistrationPrefillForm to "Display and prefill" so that you can see the password and have it prefilled. To test when e-mail verification is NOT required: 1. Set PatronSelfRegistrationVerifyByEmail to "Don't require". 2. Go to the OPAC and fill out the self-registration form. Supply a password that contains the less-than character. 3. Confirm that upon account creation, your password is correctly displayed on the confirmation page. 4. Also confirm that you can log in to your account. To test when e-mail verification IS required: 1. Be sure that OPACBaseUrl has a value since it is called by the OPAC_REG_VERIFY e-mail template. 2. Set PatronSelfRegistrationVerifyByEmail to "Require." 3. Go to the OPAC and fill out the self-registration form. Supply a password that contains the less-than character. 4. Follow the e-mail verification link created by Koha. 5. Confirm that upon account creation, your password is correctly displayed on the confirmation page. 6. Also confirm that you can log in to your account. To test when a password is generated randomly: 1. Remove "password" from the list of fields in PatronSelfRegistrationBorrowerMandatoryField and repeat the two blocks of steps above. Be sure that the randomly generated password contains a less-than character and that it displays properly. Since these are generated randomly, you may need to self-register multiple times until your generated password contains this character. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #2 from Jonathan Druart--- Created attachment 70271 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70271=edit Bug 19911: Do not escape html characters when saving passwords When the password is not generated automatically, we should not escape the html characters. Otherwise it will be changed without any warnings. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 --- Comment #1 from Jonathan Druart--- Created attachment 70253 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70253=edit Bug 19911: Escape password value during self-registration confirmation The password must be correctly escape, it can contains html character and break the display. Test plan: Apply first patch and confirm that the display is broken Apply second patch (this one) and confirm that the display is fixed -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Severity|enhancement |major CC||jonathan.dru...@bugs.koha-c ||ommunity.org Version|17.11 |master -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Jonathan Druartchanged: What|Removed |Added Assignee|oleon...@myacpl.org |jonathan.dru...@bugs.koha-c ||ommunity.org -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 19911] Passwords displayed to user during self-registration are not HTML-encoded
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19911 Arturochanged: What|Removed |Added CC||libr...@sll.texas.gov -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/