#48 Wrong case for SHA1 function name in login.html

closed-fixed
livesite (19)
5
2010-01-12
2010-01-10
Anonymous
No

Hi,

The login page includes a script that declares a function named "SHA1" (uppercase letters) but, on form submit, calls a function named "fillsha1" that, itself, calls a function named "sha1" (lowercase letters).
Javascript is case-sensitive so clicking on the "Login" button only adds a "sha1 is not defined" message to my browser's error console while the form is sent without the "pwsha1" hidden field being filled.

Proposed fix :
--- old.login.html 2010-01-10 21:42:25.000000000 +0100
+++ login.html 2010-01-10 21:43:44.000000000 +0100
@@ -104,7 +104,7 @@
<script type="text/javascript">
function fillsha1() {
var nonce='<?php echo($sNonce) ?>';
- pwstring=sha1(document.loginform.pw.value+document.loginform.email.value)+nonce;
+ pwstring=SHA1(document.loginform.pw.value+document.loginform.email.value)+nonce;
document.loginform.pwsha1.value=SHA1(pwstring);
document.loginform.pw.value='';
return true;

Regards,
DL.

Discussion

  • Thanks! Fixed.

     
    • status: open --> closed-fixed