On 01/10/2015 13:51, Lucio Correia wrote:
Hi Rodrigo, is this a fix for issue #714?
Yeap! Thank, Lucio! I've just closed the issue.
On 09/01/2015 03:13 PM, Rodrigo Trujillo wrote:
> There is a remote, but real, possibility that kimchi.min.js breaks and
> is not loaded for some reason in Kimchi login page. If this happen, the
> form submmit action is not going to be binded to a javascript function
> that calls a AJAX POST request. Then the browser is going to submmit the
> form in the default way: using a GET request. GET requests add form data
> in the URL, so user will be able to see the user and password in the URL
> field and in the log:
>
> "GET /login.html?username=321&password=234 HTTP/1.0" 200 2936
> "https://localhost:8001/login.html" "Mozilla/5.0 (X11; Fedora; Linux
> x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
>
> This patch fixes this problem adding 'method="post"' in the login
html
> form.
>
> Signed-off-by: Rodrigo Trujillo <rodrigo.trujillo(a)linux.vnet.ibm.com>
> ---
> ui/pages/login.html.tmpl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl
> index e2f6855..55848b4 100644
> --- a/ui/pages/login.html.tmpl
> +++ b/ui/pages/login.html.tmpl
> @@ -79,7 +79,7 @@
> <div id="messUserPass" class="err-mess"
style="display:
> none;">$_("The username or password you entered is incorrect. Please
> try again.")</div>
> <div id="messSession" class="err-mess"
style="display:
> none;">$_("Session timeout, please re-login.")</div>
> </div>
> - <form id="form-login" class="login-panel">
> + <form id="form-login" class="login-panel"
method="post">
> <div class="row">
> <input type="text" id="username"
name="username"
> required="required" placeholder="$_("User Name")"
autofocus/>
> <div id="username-msg"
class="msg-required"></div>
>