Closed
Bug 202258
Opened 21 years ago
Closed 17 years ago
search delivers 0 results
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: gressho, Assigned: dveditz)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312 Doing a search in the WebOpac http://www2.stadt-muenster.de/opac10/index.asp? allways returns 0 results. Mozilla 1.02 works fine, all later versions are broken. Reproducible: Always Steps to Reproduce: 1.Open the Web site 2.Enter Mankell in input field Verfasser. 3.Click on suchen Actual Results: The Opac returns 0 results. Expected Results: The Opac should return about 30 results (and Mozilla 1.02 did so!).
|
||
Comment 1•21 years ago
|
||
The site uses the following frameset. Note the frame named "suche":
<frameset cols="*,10" border="0" frameborder="no" framespacing=0>
<FRAMESET rows="145,35,*" border="0" frameborder="no" framespacing=0>
<FRAME SRC="blank.asp" name="suche" NORESIZE scrolling="no" marginWidth="0"
marginHeight="0" border=0 frameborder=no>
<FRAME SRC="menubar.asp" name="menubar" NORESIZE scrolling="no"
marginWidth="0" marginHeight="0" border=FB_SIZE
frameborder=no framespacing=0>
<FRAMESET cols="400,*" border="0" frameborder="no" framespacing=0>
<FRAME scrolling="auto" SRC="home.asp" name="ergebnis">
<FRAME SRC="suchanz.asp" name="detail" border=0 frameborder=no
framespacing=0>
</frameset>
</frameset>
<FRAME SRC="/read10/rot.htm" name="rot" NORESIZE scrolling="no"
border=0 frameborder="no" framespacing=0>
</frameset>|
|
||
Comment 2•21 years ago
|
||
Confirming Werner's report using a trunk build dated the same as his.
NOTE: with a current build, we have an even worse problem: nothing
in the top frame renders; there is no input field "Verfasser" !!!
If I click on the Suchen button, I get this error immediately in
Tools > Web Development > JavaScript Console:
Error: top.suche.loadResultWindow is not a function
Source File: javascript:top.suche.loadResultWindow();
Line: 1
Go to the URL for this frame (see above):
http://www2.stadt-muenster.de/opac10/blank.asp
This is all I see in the source there:
<html>
<link rel=stylesheet type="text/css" href="style.css">
<script Language="Javascript">
/*function test()
{
Zweitbild = new Image();
Zweitbild.src = '/read10/PICS/mail.gif';
document.images[0].src = Zweitbild.src;
}*/
</script>
<head>
<title>wwwopac</title>
</head>
<body></body>
</html>
Notice the <script> is commented out; there is nothing in this page.
Some other frame must be document.writing a <script> into this one?|
|
||
Updated•21 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
|
|
||
Comment 3•21 years ago
|
||
It's the "menubar" frame that does it. The function fGetBType() in
this frame tries to change |location.href| for the "suche" frame:
function fGetBType(){
- 21 var now;
- 22 var sDbSeite;
- 23 now = new Date();
- 24 sParms = 'nSearch.asp?TIME='+now.getTime();
- 25 sParms += '&DB=' + fGetDB();
26
- 27 top.suche.location.href=sParms;
28
- 29 top.ergebnis.location="home.asp";
- 30 top.detail.location="suchanz.asp";
31
- 32 return true;
33 }
Note line 27 is trying to set |top.suche.location.href| to |sParms|.
In the JS Debugger, |sParms| had this value:
> sParms
"nSearch.asp?TIME=1050518364656&DB=biblio10"
That is, line 27 is trying to set |top.suche.location.href| to this:
http://www2.stadt-muenster.de/opac10/nSearch.asp?TIME=1050518364656&DB=biblio10"
But after that line was executed, it had NO EFFECT:
> top.suche.location.href
"http://www2.stadt-muenster.de/opac10/blank.asp"
So the |suche| frame still points to the blank HTML page we saw above,
with no functions in it. Sure enough, the nSearch.asp page contains the
functions they try to use later, in particular, loadResultWindow():
function loadResultWindow(){
var now;
var sType;
now = new Date();
sPhon="";
bPhon = false;
etc.
}
This is the missing function in the error message I'm getting (Comment #2).|
|
||
Comment 4•21 years ago
|
||
------------------------------- SUMMARY ------------------------------- This site is not loading its top frame, named "suche", successfully. It begins life as a blank HTML page "blank.asp". The second frame in the frameset, when it loads, tries to change |top.suche.location.href| to another URL, e.g. "nSearch.asp?TIME=1050518364656&DB=biblio10" This change is unsuccessful. Thus the "suche" frame remains pointing at a blank HTML page, with no visual or JS content. ----------------------------------------------------------------------- For convenience, here is the initial <frameset> I listed above: <FRAMESET rows="145,35,*" border="0" frameborder="no" framespacing=0> <FRAME SRC="blank.asp" name="suche" etc. etc. > <FRAME SRC="menubar.asp" name="menubar" etc. etc. > I'm wondering if this is failing silently due to Security issues??? I'm not seeing any Security errors in the JS Console - Is there a pref I might have set which denies one frame changing the location of another? Reassigning to Security:General for further analysis; cc'ing jst, Boris -
Assignee: rogerl → mstoltz
Component: JavaScript Engine → Security: General
QA Contact: pschwartau → carosendahl
|
||
Comment 5•21 years ago
|
||
> Is there a pref I might have set which denies one frame changing > the location of another? Not to my knowledge. But you could be seeing bug 201108
Depends on: 201108
|
||
Comment 6•21 years ago
|
||
[Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4) Gecko/20030529] I checked this bug behaviour in v1.4rc1: I confirm comment 5: you were also seeing bug 201108, which existed in v1.4a and v1.4b. Removing (d.o.) bug 201108, since the current bug is not actually related to this other bug: the current bug existed before (v1.3), and exists after (v1.4rc1), bug 201108 lifespan. [Netscape® Communicator 4.8 : en-20020722] While I get 0 result [and no javascript issue] in v1.4rc1 (this bug), v4.8 returns 42 ones (currently). Adding (K) '4xp'. If someone (reporter ?) can confirm that v1.02 (for example) worked fine, he could add (K) 'regression' too...
|
||
Comment 7•19 years ago
|
||
I think I got 65 results "Suchergebnis - Übersicht Nächste Seite Gefunden: 65" using Firefox 1.0.4 on winxpsp2. Works for me?
|
Assignee | |
Updated•18 years ago
|
Assignee: security-bugs → dveditz
QA Contact: carosendahl → toolkit
|
||
Comment 8•17 years ago
|
||
WFM Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8pre) Gecko/2007081905 Minefield/3.0a8pre
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•