From 5ccae7a507c8181b284312cd47575e19546d5d79 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Tue, 6 Oct 2015 12:51:34 -0400
Subject: [PATCH] Avoid duplicate element IDs in password forms.

---
 .../src/VuFind/View/Helper/Root/Auth.php      | 10 ++++---
 themes/bootstrap3/js/common.js                | 27 +++++++++----------
 .../Auth/AbstractBase/loginfields.phtml       |  8 +++---
 .../templates/Auth/MultiILS/loginfields.phtml |  8 +++---
 .../Auth/AbstractBase/loginfields.phtml       |  8 +++---
 .../templates/Auth/MultiILS/loginfields.phtml |  8 +++---
 6 files changed, 34 insertions(+), 35 deletions(-)

diff --git a/module/VuFind/src/VuFind/View/Helper/Root/Auth.php b/module/VuFind/src/VuFind/View/Helper/Root/Auth.php
index 6b10626a641..bc83197b426 100644
--- a/module/VuFind/src/VuFind/View/Helper/Root/Auth.php
+++ b/module/VuFind/src/VuFind/View/Helper/Root/Auth.php
@@ -66,14 +66,16 @@ class Auth extends \Zend\View\Helper\AbstractHelper
      */
     protected function renderTemplate($name, $context = [])
     {
+        // Get the current auth module's class name
+        $className = $this->getManager()->getAuthClassForTemplateRendering();
+
         // Set up the needed context in the view:
         $contextHelper = $this->getView()->plugin('context');
+        $context['topClass'] = $this->getBriefClass($className);
         $oldContext = $contextHelper($this->getView())->apply($context);
 
-        // Get the current auth module's class name, then start a loop
-        // in case we need to use a parent class' name to find the appropriate
-        // template.
-        $className = $this->getManager()->getAuthClassForTemplateRendering();
+        // Start a loop in case we need to use a parent class' name to find the
+        // appropriate template.
         $topClassName = $className; // for error message
         $resolver = $this->getView()->resolver();
         while (true) {
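Review bot: `$context['topClass'] = $this->getBriefClass($className);` is assigned unconditionally, so a caller that already passes its own `topClass` in `$context` has it silently overwritten, and nothing in the docblock above the hunk tells callers or template authors that this variable is now injected. If the override is intended, document it on renderTemplate, e.g. `@param array $context Extra view variables; 'topClass' is always set to the brief name of the active auth class so templates can build unique element IDs`; if it is not, guard it with `if (!isset($context['topClass'])) { $context['topClass'] = $this->getBriefClass($className); }`. The value appears to come from the configured auth class rather than from request input, so the templates' `escapeHtmlAttr` on it is defence in depth rather than the only thing standing between a user and attribute injection — worth a one-line comment here so nobody later relaxes the escaping. renderTemplate's body continues past the end of this hunk.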
diff --git a/themes/bootstrap3/js/common.js b/themes/bootstrap3/js/common.js
index d9b4481caa5..65cd170bb55 100644
--- a/themes/bootstrap3/js/common.js
+++ b/themes/bootstrap3/js/common.js
@@ -247,24 +247,21 @@ function ajaxLogin(form) {
       if (response.status == 'OK') {
         var salt = response.data;
 
-        // get the user entered password
-        var password = form.password.value;
-
-        // base-64 encode the password (to allow support for Unicode)
-        // and then encrypt the password with the salt
-        password = rc4Encrypt(salt, btoa(unescape(encodeURIComponent(password))));
-
-        // hex encode the encrypted password
-        password = hexEncode(password);
-
-        var params = {password:password};
-
-        // get any other form values
+        // extract form values
+        var params = {};
         for (var i = 0; i < form.length; i++) {
+          // special handling for password
           if (form.elements[i].name == 'password') {
-            continue;
+            // base-64 encode the password (to allow support for Unicode)
+            // and then encrypt the password with the salt
+            var password = rc4Encrypt(
+                salt, btoa(unescape(encodeURIComponent(form.elements[i].value)))
+            );
+            // hex encode the encrypted password
+            params[form.elements[i].name] = hexEncode(password)
+          } else {
+            params[form.elements[i].name] = form.elements[i].value;
           }
-          params[form.elements[i].name] = form.elements[i].value;
         }
 
         // login via ajax
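Review bot: The re-added comment `// and then encrypt the password with the salt` overstates what `rc4Encrypt(salt, ...)` buys: RC4 keyed with a salt the server just handed back over the same channel is obfuscation against casual log or proxy exposure, not confidentiality, and must not be read as a substitute for TLS on the login form. I would reword it to `// obfuscate with RC4 keyed by the server-supplied salt; this is NOT a substitute for TLS` so the next reader does not drop HTTPS on the strength of it. Two smaller points in the new loop: `params[form.elements[i].name] = hexEncode(password)` is missing its semicolon, and `salt` (`response.data`) is fed straight into rc4Encrypt without checking it is a non-empty string, so a malformed `OK` response would be handled by whatever rc4Encrypt does with an empty key rather than failing visibly — a `if (!salt) { return; }` style bail-out before the loop would make that explicit. ajaxLogin begins before this hunk and continues after it.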
diff --git a/themes/bootstrap3/templates/Auth/AbstractBase/loginfields.phtml b/themes/bootstrap3/templates/Auth/AbstractBase/loginfields.phtml
index f892564d155..cad2d9673d2 100644
--- a/themes/bootstrap3/templates/Auth/AbstractBase/loginfields.phtml
+++ b/themes/bootstrap3/templates/Auth/AbstractBase/loginfields.phtml
@@ -1,12 +1,12 @@
 <div class="form-group">
-  <label class="col-sm-3 control-label" for="login_username"><?=$this->transEsc('Username')?>:</label>
+  <label class="col-sm-3 control-label" for="login_<?=$this->escapeHtmlAttr($topClass)?>_username"><?=$this->transEsc('Username')?>:</label>
   <div class="col-sm-9">
-    <input type="text" name="username" id="login_username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" class="form-control"/>
+    <input type="text" name="username" id="login_<?=$this->escapeHtmlAttr($topClass)?>_username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" class="form-control"/>
   </div>
 </div>
 <div class="form-group">
-  <label class="col-sm-3 control-label" for="login_password"><?=$this->transEsc('Password')?>:</label>
+  <label class="col-sm-3 control-label" for="login_<?=$this->escapeHtmlAttr($topClass)?>_password"><?=$this->transEsc('Password')?>:</label>
   <div class="col-sm-9">
-    <input type="password" name="password" id="login_password" class="form-control"/>
+    <input type="password" name="password" id="login_<?=$this->escapeHtmlAttr($topClass)?>_password" class="form-control"/>
   </div>
 </div>
\ No newline at end of file
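Review bot: The `login_<?=$this->escapeHtmlAttr($topClass)?>_` prefix is now spelled out four times in this template, and every copy must stay byte-identical or a `for` silently stops matching its input's `id`; computing it once at the top, `<? $idPrefix = 'login_' . $this->escapeHtmlAttr($topClass); ?>`, and writing `id="<?=$idPrefix?>_username"` / `for="<?=$idPrefix?>_username"` removes that drift risk. The template also assumes `$topClass` is always present in the view context; if this partial were ever rendered through a path other than the Auth helper, the variable would be undefined and every form would collapse back to `login__username`, reintroducing the duplicates, so a header comment such as `<? /* $topClass is injected by the Auth view helper; it keeps IDs unique when several login forms share a page */ ?>` would document the dependency. `escapeHtmlAttr` is the right escaper for the attribute context, so the escaping itself is fine.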
diff --git a/themes/bootstrap3/templates/Auth/MultiILS/loginfields.phtml b/themes/bootstrap3/templates/Auth/MultiILS/loginfields.phtml
index 105b5a9ebbe..8e34e7d16b0 100644
--- a/themes/bootstrap3/templates/Auth/MultiILS/loginfields.phtml
+++ b/themes/bootstrap3/templates/Auth/MultiILS/loginfields.phtml
@@ -10,14 +10,14 @@
   </div>
 </div>
 <div class="form-group">
-  <label class="col-sm-3 control-label" for="login_username"><?=$this->transEsc('Username')?>:</label>
+  <label class="col-sm-3 control-label" for="login_<?=$this->escapeHtmlAttr($topClass)?>_username"><?=$this->transEsc('Username')?>:</label>
   <div class="col-sm-9">
-    <input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" class="form-control"/>
+    <input id="login_<?=$this->escapeHtmlAttr($topClass)?>_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>" class="form-control"/>
   </div>
 </div>
 <div class="form-group">
-  <label class="col-sm-3 control-label" for="login_password"><?=$this->transEsc('Password')?>:</label>
+  <label class="col-sm-3 control-label" for="login_<?=$this->escapeHtmlAttr($topClass)?>_password"><?=$this->transEsc('Password')?>:</label>
   <div class="col-sm-9">
-    <input id="login_password" type="password" name="password" class="form-control"/>
+    <input id="login_<?=$this->escapeHtmlAttr($topClass)?>_password" type="password" name="password" class="form-control"/>
   </div>
 </div>
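Review bot: Only the username/password pair is de-duplicated here; the target `<select>` this template opens with sits above the hunk, so I cannot see whether it carries a static id or a label with `for` — if it does, it has exactly the collision this commit fixes and needs the same `login_<?=$this->escapeHtmlAttr($topClass)?>_` prefix, which is worth verifying before merge. From `<div class="form-group">` down the markup is now identical to the AbstractBase template apart from attribute order (`id` first here, `type` first there); if the view layer supports rendering a shared partial, pulling that block in instead of maintaining two copies would keep any future ID scheme change in one place.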
diff --git a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
index 1b6516b967b..104268d728c 100644
--- a/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
+++ b/themes/jquerymobile/templates/Auth/AbstractBase/loginfields.phtml
@@ -1,4 +1,4 @@
-<label for="login_username"><?=$this->transEsc('Username')?>:</label>
-<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
-<label for="login_password"><?=$this->transEsc('Password')?>:</label>
-<input id="login_password" type="password" name="password"/>
+<label for="login_<?=$this->escapeHtmlAttr($topClass)?>_username"><?=$this->transEsc('Username')?>:</label>
+<input id="login_<?=$this->escapeHtmlAttr($topClass)?>_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
+<label for="login_<?=$this->escapeHtmlAttr($topClass)?>_password"><?=$this->transEsc('Password')?>:</label>
+<input id="login_<?=$this->escapeHtmlAttr($topClass)?>_password" type="password" name="password"/>
diff --git a/themes/jquerymobile/templates/Auth/MultiILS/loginfields.phtml b/themes/jquerymobile/templates/Auth/MultiILS/loginfields.phtml
index 1c081bbd2dd..a49842249df 100644
--- a/themes/jquerymobile/templates/Auth/MultiILS/loginfields.phtml
+++ b/themes/jquerymobile/templates/Auth/MultiILS/loginfields.phtml
@@ -5,7 +5,7 @@
   <option value="<?=$this->escapeHtmlAttr($target)?>"<?=($target == $currentTarget ? ' selected="selected"' : '')?>><?=$this->transEsc("source_$target", null, $target)?></option>
   <? endforeach ?>
 </select>
-<label for="login_username"><?=$this->transEsc('Username')?>:</label>
-<input id="login_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
-<label for="login_password"><?=$this->transEsc('Password')?>:</label>
-<input id="login_password" type="password" name="password"/>
+<label for="login_<?=$this->escapeHtmlAttr($topClass)?>_username"><?=$this->transEsc('Username')?>:</label>
+<input id="login_<?=$this->escapeHtmlAttr($topClass)?>_username" type="text" name="username" value="<?=$this->escapeHtmlAttr($this->request->get('username'))?>"/>
+<label for="login_<?=$this->escapeHtmlAttr($topClass)?>_password"><?=$this->transEsc('Password')?>:</label>
+<input id="login_<?=$this->escapeHtmlAttr($topClass)?>_password" type="password" name="password"/>
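Review bot: The `</select>` at the top of this hunk belongs to the target picker whose opening tag, and any `id` on it, lies outside the hunk; if that id is static it collides across forms in the same way the username/password ids did and should take the same `login_<?=$this->escapeHtmlAttr($topClass)?>_` prefix — please check the lines above. The four new id/for attributes are escaped with `escapeHtmlAttr`, which is the correct escaper for that context, so the visible change itself is sound.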
-- 
GitLab