FormWizard has a security_hash check failure with Textareas with leading/trailing newlines in Safari
|Reported by:||Dana Spiegel||Owned by:||Kevin Kubasik|
|Severity:||Keywords:||security_hash textarea formwizard|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
I have a Form with a TextField, and when I put this form into a FormWizard, the security_hash generated for that form is different before/after the next form is submitted. This only happens on Safari. I've traced the issue to a TextField that has leading and/or trailing newlines.
In Firefox, a Textarea is apparently stripped upon submission, but in Safari, the leading/trailing newlines are submitted. As a result, when submitting the form with the Textarea, the security_hash that is generated uses the value of the field with the newlines included. But when I submit the next form, the security_hash that is generated from the previous fields doesn't have the newlines in that field's value. As a result, the security_hash is different, generating a security_hash failure. This may be due to the way that the previous fields are rendered into the second form.
Change History (8)
comment:2 Changed 8 years ago by
|Owner:||changed from nobody to Kevin Kubasik|
|Patch needs improvement:||set|