Hack to avoid Agent DN + Password being overwritten by some ugly browser... #9575
Conversation
|
good 👍 |
blizzz
changed the title
|
I need someone who could try this with Safari on MacOS ( @georgehrke ?) Steps:
→ if the entered users and password shows up, very good! (In this case also please ensure that it does not work without this patch) |
|
I can test (need to install php5-ldap first) |
|
what to enter in base dn? (update, just entered some fake value :"DC=FAKE,DC=local") |
|
ty! :) asdf. does not matter here. |
|
for me, the entered user/pass shows up (even after reloading it like 10 times) in the latest version of Safari on OS X even without this patch sorry, missed to read the description completely, testing with patch now |
|
ok, so with and without this patch I see the credentials I entered (not the admin ones) after reloading the page in Safari on OS X |
|
@georgehrke hm, OK. At least this was how I could reproduce it on Chromium. @quiqueck @ser72 which Safari versions are affected for you? Those steps would lead to the effects your reported, wouldn't they? |
|
or maybe this was fixed somewhere between Safari 7.0.3 and 7.0.5? |
|
Apparently it is happening with any version, but for reference, I can make it happen on my system on demand, and it has Safari 7.0.4 (9537.76.4) |
|
@ser72 okay, good. Could you apply the changes and test whether the issue is fixed with this? |
|
I was never able to reproduce this in my lab... I have a user who can reproduce at will, but hesitate to have her "try" something. |
|
So, am I hunting ghosts here? |
|
@blizzz I tried a reproduction with the steps you mentioned above (Safari 6.0.5 -- that's all I have access to) and the configured id/pswd remained. Could not reproduce the issue so cannot test the patch. How "confident" are you that this fixes the issue on Safari? If you have a fairly high confidence level I will ask my user to try it. |
|
Since no one is able to reproduce it, and reporters did not respond yet, I have no clue. No reason to be confident. |
|
@lmaestro could you try to reproduce this? |
|
I can't reproduce it. |
|
@ser72 we're stuck. could you check back with your user the reproduction steps? |
|
Ok good news. I just upgraded our MAC o/s and Safari and have a reproduction. Will test patch now |
|
OK now the bad news. Applied the patch and it is still broken on Safari 7.0.5 and oC 6.0.4 patched |
|
At least you can verfiy this. Now, without having access to Safari it is hardly possible to find a way around it. I will meet with Markus on Wed evening to get my fingers on one. |
…sers with stored site credentials
|
The inspection completed: No new issues |
|
🚀 Test Passed. 🚀 |
|
👍 Pls let me know if I can send this patch to a user experiencing the issue as well. |
|
@ser72 yes, please do so. |
|
👍 Lets get in 6.0.5 |
There was a problem hiding this comment.
Hahaha, what a hack! So that's what it takes!
|
Code looks good. I didn't test this myself but @ser72 did 👍 |
Hack to avoid Agent DN + Password being overwritten by some ugly browser...
|
So should we backport this to stable7 @karlitschek? (Ref #10137 (comment)) |
|
@jancborchardt Yes. I guess backporting should be save. |
|
Thanks! |
...s with stored site credentials.
Fixes #7038
List of browsers having the bug. Checked ones are tested successfully against.
IE (11+)Please review and test. Also open for better ideas.
< update >
IE 11 has no issues here at all. Only the other two.
< /update >
@quiqueck @ser72 @PVince81 or others please