
List:       kde-bugs-dist
Subject:    [Bug 122947] New: Konqueror discloses information from previous pages
From:       alan () chandlerfamily ! org ! uk
Date:       2006-03-02 0:00:47
Message-ID: 20060302010044.122947.alan () chandlerfamily ! org ! uk

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=122947         
           Summary: Konqueror discloses information from previous pages
                    input fields
           Product: konqueror
           Version: unspecified
          Platform: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: konq-bugs kde org
        ReportedBy: alan chandlerfamily org uk


Version:           3.5.1 (using KDE 3.5.1, Debian Package 4:3.5.1-2 (testing/unstable))
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.15-1-k7

I have been developing a Java application and spent some time trying to figure out
why the wrong data was being placed in some input fields in an application.  That is
until I did a View/Document Source.

The source of the page shows exactly what I would have expected - whereas the screen
shows data from some previous invocation of the page.

Here is the document source of the page


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Application: usermgr -->
<!-- Page: EditUser -->
<!-- Generated: Wed Mar 01 22:49:05 GMT 2006 -->
<html>
<head>
<meta name="generator" content="Tapestry Application Framework, version 4.0"/>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
<base href="http://localhost:8080/usermgr/"/>
<title>User Manager</title>
<link rel="stylesheet" type="text/css" href="/style/site.css"/>
<link rel="stylesheet" type="text/css" href="/style/user.css"/>
<link rel="stylesheet" type="text/css" href="[PAGECSSURL]"/>
</head>
<!-- Copyright (c) 2005,2006 Alan Chandler, licenced under the GPL (see LICENCE.txt file in META-INF directory) -->
<!-- Much of the text of the page comes from the application.properties file.  If you see items in square  brackets where you would expect information, use this item as a key to the message file -->

<body>
<script type="text/javascript" src="/usermgr/assets/1f7008d3e65882519740d925d6c5a813/org/apache/tapestry/form/Form.js"></script>
<script type="text/javascript" src="/usermgr/assets/bb63871f5fc4d226b40d91fd3497b0d5/org/apache/tapestry/form/validator/RegExValidator.js"></script>


<div id="bread">
	
 <ul>
   <li><a href="/">Home</a></li>
   <li><a href="/usermgr/Home.page">Names Manager</a></li>
  <li>Edit User Details</li>
 </ul>

</div>


<form method="post" action="/usermgr/EditUser,$Border.$Form.do" name="Form" \
id="Form"> <div style="display:none;"><input type="hidden" name="formids" \
value="If_0,For,LinkSubmit,Hidden,Hidden_0,userName,password,confirm,email,fullname,Hidden_1,Hidden_0_0,roles,For_0"/>
 <input type="hidden" name="submitmode" value=""/>
<input type="hidden" name="submitname" value=""/>
<input type="hidden" name="If_0" value="T"/>
<input type="hidden" name="For" value="VSsave"/>
<input type="hidden" name="Hidden" value="Scarrie"/>
<input type="hidden" name="Hidden_0" value="l180"/>
<input type="hidden" name="Hidden_1" \
value="ZH4sIAAAAAAAAACWOMQ6CQBREPwKaWBmtPYHJYmNhqOzU0BkP8IUVV5fF/F0Q7Kw9gYU3sLS0t/ce3k \
GQKaaYeZPM4wuuJhhlB5ZSzMIdqkhy2mIiZMkyzSmJiUVocIOas3UVXOfjqcpekxbYS+jknLRIVQCOwoQb6Ad7 \
zNGTqGJvZUio2A/ApVRybaDXlJkR0guENn5xhEZPA+0QiQSv3gxqitUUmxFhWaPF5TO8vfFug7UAR4sz/2+tk1N514CLUSJU8QPMWsL30AAAAA=="/>
 <input type="hidden" name="Hidden_0_0" \
value="OrO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAADdwQAAAADdAAGZWRpdG9ydAAJZGV2ZWxvcGVydAAFYWRtaW54"/>
 <input type="hidden" name="For_0" value="VSeditor"/>
<input type="hidden" name="For_0" value="VSdeveloper"/>
<input type="hidden" name="For_0" value="VSadmin"/>
</div>
<!--  Header Section -->
<div id="header">
<div id="bars" class="column">
<div id="sitetitle">
<h1>User Manager</h1>
</div>

<div id="menu">
<ul>
<li class="first"><a href="javascript:Tapestry.submit_form('Form', 'LinkSubmit');" \
id="LinkSubmit">Save Changes</a></li>

</ul>
</div>

</div>
<div id="logo" class="column">
</div>
</div>
<!-- Body -->
<div id="content">




<div id="centre" class="column">
 <!-- Copyright (c) 2006 Alan Chandler, licenced under the GPL (see LICENCE.txt file \
in META-INF directory)  -->



<label for="userName">User Name</label>
<input type="text" name="userName" value="carrie" id="userName"/><br/>

<label for="password">Password</label>
<input type="password" name="password" value="" id="password"/><br/>
 
<label for="confirm">Confirm Password</label>
<input type="password" name="confirm" value="" id="confirm"/><br/>

<label for="email">Email Address</label>
<input type="text" name="email" value="" id="email"/><br/>

<label for="fullname">Full Name</label>
<input type="text" name="fullname" value="" id="fullname"/><br/>

 
 
 
 <label for="roles">Current Roles</label>
<select name="roles" multiple="multiple" id="roles">
 
  <option value="0">editor</option>
 
  <option value="1">developer</option>
 
  <option value="2" selected="selected">admin</option>
 
</select>
 
</div>



</div>
</form>




<!-- Footer Section -->
<div id="footer">
<div id="copy" class="column">
<p>Unless otherwise stated the content of this site is copyright &copy; 2006 Alan \
Chandler. Please see <a href="/licence.html">licence conditions</a> for details on \
copying.</p> </div>
<div id="version" class="column">
<p><img src="/images/PoweredByTapestry.gif" width="69" alt="Powered By Tapestry" \
height="33"></img> Version
<ul>
<li>site: 6.2.0</li>
<li>usermgr: 1.0.0</li>
</ul>
</p>
</div>
<div id="webmaster" class="column"><p>Any issues with the site, please contact the <a \
href="mailto:alan chandlerfamily org uk?subject=&quot;Web Site \
Issues&quot;">Webmaster</a></p></div>  </div>
<script language="JavaScript" type="text/javascript"><!--
Tapestry.register_form('Form');
Tapestry.onsubmit('Form', function(event) { Tapestry.require_field(event, 'email', \
'You must enter a value for null.'); }); Tapestry.onsubmit('Form', function(event) { \
Tapestry.validate_regex(event, 'email', '\^\\w\[\-\._\\w\]\*\\w\ \\w\[\-\ \
_\\w\]\*\\w\\\ \\w\{2\,6\}\$', 'Invalid email format for null.  Format is user \
hostname '); }); Tapestry.set_focus('email');

// --></script></body>
</html>
<!-- Render time: ~ 17 ms -->



In particular the <div id="centre"> shows some text input fields with data produced
by my application.  However a screenshot shows completely different data as shown
here

http://www.chandlerfamily.org.uk/photos/d/480-1/EditUserDetailsForm.png

There is a small possibility that JavaScript somehow creates different content to
the screenshot - except

a) Firefox does not show this data, but as I would have expected
b) There is no reason to expect it to display this data - where does it come from

What worries me is that there is a considerable security risk if Konqueror is somehow
showing data from elsewhere.
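
Added example, not part of the original report and not Konqueror or Tapestry code: a diagnostic that lists the form controls whose displayed state differs from what the markup specified, using the standard DOM properties defaultValue/defaultChecked/defaultSelected (from the source) against value/checked/selected (live state). The function name findRestoredFields and the sample objects are assumptions constructed for illustration; the field names mirror the form quoted above.

```javascript
// Returns one finding per control whose live state differs from its markup.
// `controls` is any iterable of form controls, e.g. document.forms["Form"].elements.
function findRestoredFields(controls) {
  const findings = [];
  for (const el of Array.from(controls)) {
    const tag = String(el.tagName || "").toLowerCase();
    const type = String(el.type || "").toLowerCase();
    if (tag === "select") {
      // Each <option> carries its own source-vs-live pair.
      for (const opt of Array.from(el.options)) {
        if (opt.selected !== opt.defaultSelected) {
          findings.push({ name: el.name, option: opt.value,
                          source: opt.defaultSelected, shown: opt.selected });
        }
      }
    } else if (type === "checkbox" || type === "radio") {
      if (el.checked !== el.defaultChecked) {
        findings.push({ name: el.name, source: el.defaultChecked, shown: el.checked });
      }
    } else if ("defaultValue" in el && el.value !== el.defaultValue) {
      // Never copy password contents into a report; record lengths only.
      const secret = type === "password";
      findings.push({
        name: el.name,
        source: secret ? `<${el.defaultValue.length} chars>` : el.defaultValue,
        shown: secret ? `<${el.value.length} chars>` : el.value,
      });
    }
  }
  return findings;
}

// Constructed sample: plain objects standing in for DOM controls so the
// check also runs outside a browser. All values below are made up.
const sampleControls = [
  { tagName: "INPUT", type: "text", name: "userName", defaultValue: "carrie", value: "carrie" },
  { tagName: "INPUT", type: "password", name: "password", defaultValue: "", value: "hunter2" },
  { tagName: "INPUT", type: "text", name: "email", defaultValue: "", value: "old@example.invalid" },
  { tagName: "SELECT", type: "select-multiple", name: "roles", options: [
    { value: "0", defaultSelected: false, selected: true },
    { value: "1", defaultSelected: false, selected: false },
    { value: "2", defaultSelected: true, selected: true },
  ] },
];
const sampleFindings = findRestoredFields(sampleControls);
console.log(sampleFindings);
```

Run in the page's own console against the live form, an empty result means the display matches the source; any entry names a field the browser filled from somewhere other than the served markup.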

