Opened 8 years ago

Closed 8 years ago

#1357 closed defect (fixed)

safari form submit has empty form field names in POST data, causes failure with perl CGI

Reported by: guest Owned by: gogo
Priority: normal Milestone: 0.96
Component: Xinha Core Version: trunk
Severity: normal Keywords:
Cc: vivek@…

Description

I'm using the 0.95 release on a test version of my web site, but the same issue occurs on the online demo extended version.

When the form is submitted in Safari 3.2.1, the POST data has some extra data which looks like this:

=p&=arial%2Chelvetica%2Csans-serif&=&Dialog13=url...

Note the first three parameters have no name, the third one also has no value. This seems to work with PHP's CGI form processing library, but the perl standard CGI.pm (version 3.42) stops at the first empty field name. The end result of this is that when the form is submitted to a perl program, no data is processed.

I used the Burp Suite HTTP proxy to capture the above POST data, and if I alter the data to give fake names to the first three fields (or just delete them altogether) and forward it to the web server, then the perl program processes the data from the text area field just fine.

I tried the nightly build demo and it too submits those empty field names in Safari.

In Firefox, the empty field names are not submitted as part of the POST data, so there are no problems with processing the rest of the fields in a perl program.

A long time ago I had to solve this same problem for my website. At that time it turned out that I had a form element that I was not interested in processing on the backend, but which used javascript event handlers to alter the other fields on the form. Since the form element had no name, it caused safari to submit it as above, causing problems. Simply providing a name to the element solved my issue at that time. Perhaps it is the same issue here. I will investigate, but for now I am just filing this bug report in the hopes someone else knows how to fix it quickly.

Change History (2)

comment:1 Changed 8 years ago by guest

I found the fix. It is a one-liner!

At around line 1687 of XinhaCore.js, right below this line:

el.title = tooltip;

add this line:

el.name=txt;

And when Safari submits the data, all the elements have field names. The submit POST data looks something like this with my fix:

formatblock=h6&fontname=georgia%2Ctimes+new+roman%2Ctimes%2Cserif&fontsize=&Dialog1=on&...

comment:2 Changed 8 years ago by nicholasbs

  • Resolution set to fixed
  • Status changed from new to closed

Changeset r1145 applies the fix proposed above.

Thanks for the fix!

Note: See TracTickets for help on using tickets.