Files · a01852839343678f325e52ce286012c81f2ade66 · Yusei Tahara / erp5

Backport: Base_callDialogMethod: Do not redirect when form has a password field.

If it is the case *and* the action script does not redirect, the password will be
in user's browser history.
There can be two different reasons to not redirect:
- not following the API (ie, intentionally not redirecting)
- letting an exception reach ZPublisher
Also, if the non-redirection causes an HTML page to be rendered, resources
loaded by that page will have a referrer containing the password, leaking it
to potentially foreign servers.

a0185283

Name	Last commit	Last update
bt5	Copy a commit(477365ae) from master branch.	8 years ago
erp5	testnode: Build NumPy/friends & Ruby gems in parallel	9 years ago
product	Backport: Base_callDialogMethod: Do not redirect when form has a password field.	8 years ago
slapos	SlapOS related code moved out.	13 years ago
tests	Reactivate erp5_web_renderjs_ui_test	9 years ago
.gitignore	Ignore TAGS (Emacs) and tags (vi) files.	9 years ago
CHANGES.erp5.util.txt	Release erp5.util 0.4.43	9 years ago
MANIFEST.in	Initial distribution creation.	13 years ago
Products	add a symlink Products -> product.	10 years ago
README.erp5.util.txt	Initial distribution creation.	13 years ago
setup.py	Release erp5.util 0.4.43	9 years ago

Download source code