2023-08-17 22:38:43 Opened by Khy H
Potential security issue with the Login link. One of our sites included the login link on the menu bar for non-logged-in and logged-in users, similar to the openacs.org site. It was discovered the link includes the form data in the last form posting, thus we removed the login link from the register/ page.

Steps to Reproduce
1. https://openacs.org/register/?return_url=/
2. Enter invalid email/password and submit
3. Click on the "Login" in upper right-hand viewer
4. View the browser location bar, it has the email and password in clear text.
2023-08-29 16:33:13 Resolved by Gustaf Neumann
Dear Khy,

many thanks for the bug report. There is now a fix for the openacs-bootstrap3-theme and the openacs-bootstrap5-theme in the repository.

For details, see: https://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-10%3Agustafn%3A20230829141721