Hi Rodrigo, is this a fix for issue #714?
On 09/01/2015 03:13 PM, Rodrigo Trujillo wrote:
There is a remote, but real, possibility that kimchi.min.js breaks
and
is not loaded for some reason in Kimchi login page. If this happen, the
form submmit action is not going to be binded to a javascript function
that calls a AJAX POST request. Then the browser is going to submmit the
form in the default way: using a GET request. GET requests add form data
in the URL, so user will be able to see the user and password in the URL
field and in the log:
"GET /login.html?username=321&password=234 HTTP/1.0" 200 2936
"https://localhost:8001/login.html" "Mozilla/5.0 (X11; Fedora; Linux
x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
This patch fixes this problem adding 'method="post"' in the login html
form.
Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo(a)linux.vnet.ibm.com>
---
ui/pages/login.html.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl
index e2f6855..55848b4 100644
--- a/ui/pages/login.html.tmpl
+++ b/ui/pages/login.html.tmpl
@@ -79,7 +79,7 @@
<div id="messUserPass" class="err-mess"
style="display: none;">$_("The username or password you entered is
incorrect. Please try again.")</div>
<div id="messSession" class="err-mess"
style="display: none;">$_("Session timeout, please
re-login.")</div>
</div>
- <form id="form-login" class="login-panel">
+ <form id="form-login" class="login-panel"
method="post">
<div class="row">
<input type="text" id="username"
name="username" required="required" placeholder="$_("User
Name")" autofocus/>
<div id="username-msg"
class="msg-required"></div>
--
Lucio Correia
Software Engineer
IBM LTC Brazil