Item10412: Subtle problem with fragments in login form

Priority: Urgent
Current State: Closed
Released In: 1.1.3
Target Release: patch
Applies To: Engine
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
login.tmpl defines:
<form action='%SCRIPTURLPATH{"login"}%%PATH_INFO%' name='loginform' method='post' onsubmit='document.loginform.foswiki_origin.value+=window.location.hash'>
This appends the fragment from the url used to render the login form (not quite sure why, but presumably this is part of an attempt to maintain the fragment through a login sequence).

Unfortunately, if the foswiki_origin includes a parameter string, this ends up polluting the parameter string.

Given that the correct parameter values are expanded into hidden form fields anyway, the parameter string is redundant.

Copy-paste the following to a trunk/1.1.2 install to reproduce:
Starting from logged out state, click <a href="%SCRIPTURL{viewauth}%/%WEB%/%TOPIC%?blah=trueblah#target">here</a>

After you log in the value of blah will include the target
   * blah: %URLPARAM{"blah"}%

-- CrawfordCurrie - 25 Feb 2011


ItemTemplate edit

Summary Subtle problem with fragments in login form
ReportedBy CrawfordCurrie
Codebase 1.1.2, 1.1.1, 1.1.0, 1.1.0 beta1, trunk
SVN Range
AppliesTo Engine
Priority Urgent
CurrentState Closed
Checkins distro:cc075d43e041 distro:09adffacb632
TargetRelease patch
ReleasedIn 1.1.3
Topic revision: r9 - 16 Apr 2011, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy