Bug 18955 - autocomplete is on in OPAC password recovery
author Fridolin Somers <fridolin.somers@biblibre.com>
Wed, 19 Jul 2017 07:48:04 +0000 (09:48 +0200)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 24 Jul 2017 17:05:38 +0000 (14:05 -0300)
In OPAC password recovery form autocomplete is not disabled.
So when login or email is entered, it is saved in browser input history for autocomplete.
This is a major issue for OPAC on computers with public access.

This patch adds autocomplete off on forms.

Test :
- Enable system preferences OpacPasswordChange and OpacResetPassword
- Go to OPAC
- Be sure to not be logged in
- Click on "Forgot your password?"
- Enter a login and email and Submit
=> Without patch there is an autocompletion with values you entered
=> With patch there is no autocompletion

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt

index 6c445b1..4f3f857 100644 (file)
@@ -78,7 +78,7 @@
 [% IF (!Koha.Preference('OpacResetPassword')) %]
                     <div class="alert alert-info">You can't reset your password.</div>
 [% ELSIF (password_recovery) %]
-                    <form action="/cgi-bin/koha/opac-password-recovery.pl" method="post">
+                    <form action="/cgi-bin/koha/opac-password-recovery.pl" method="post" autocomplete="off">
                         <input type="hidden" name="koha_login_context" value="opac" />
                         <fieldset>
                             <p>To reset your password, enter your login and your email address.
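Review bot: the form-level autocomplete="off" added on the password_recovery form only takes effect if no field overrides it, and the login and email inputs sit outside this hunk, so that cannot be confirmed from the visible lines. An autocomplete value set on an individual input takes precedence over the form's value, so check those inputs as well. Because the commit message targets public-access computers, run the test plan in each browser installed on them, since browsers differ in how far they honour the attribute for login-type fields.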
@@ -92,7 +92,7 @@
                          </fieldset>
                     </form>
 [% ELSIF (new_password) %]
-                    <form action="/cgi-bin/koha/opac-password-recovery.pl" method="post">
+                    <form action="/cgi-bin/koha/opac-password-recovery.pl" method="post" autocomplete="off">
                         <input type="hidden" name="koha_login_context" value="opac" />
                         <fieldset>
                             <div class="alert alert-info">The password must contain at least [% minPassLength %] characters.</div>
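Review bot: the test plan in the commit message stops at submitting login and email, so the new_password branch changed here is never exercised. Add a step that follows the reset link and checks the form shown with the minPassLength hint. The fields of that form are outside the hunk, but if they are password inputs, note that browser password managers commonly ignore autocomplete="off" on them. The standard hint for that case is autocomplete="new-password" on the inputs themselves, which could be added alongside the form-level attribute.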