It's my first bug report here, so please bear with me. I have searched for a similar bug, but found none. On http://bugzilla.mozilla.org/changepassword.cgi, if one fills in the data and presses "Login", the URL contains the password. Well, IMHO, it's generally a bad idea to use METHOD="get" when sending password due to additional security loss (ok, which security ;-). If this is intention for bookmarking the URL, well you may want to reconsider it nevertheless. ---- Second (sorry, if this should be in a second bug): The resulting page contains no end tag for the FORM element. Therefore this page does not work with either M10 or Amiga Voyager V3pre2: Everything is displayed fine, but nothing happens, when "Submit" is pressed. end of BODY and HTML are also missing, but the FORM is what causes it to stop working. Additionally, no DTD is specified at top. I did not search for further mistakes. You may want to apply a HTML checker on all pages. ;-)
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
Yes, two bug reports would have been better, but no big deal. Fixed. (Well, there are still some cases where the password can appear up in the URL, because of bookmarking stuff and the like, but this particular obvious case has been fixed.) And I added a "</FORM>".
per Terry, auto-verifying any resolved bug that hasn't been touched since before 2.10 was released.
Status: RESOLVED → VERIFIED
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
QA Contact: matty
Target Milestone: --- → Bugzilla old
Version: other → unspecified
You need to log in before you can comment on or make changes to this bug.