Bug #84308
closed
Submit of RSA encrypted form not working with type="image" in TYPO3 8.7.11
0%
Description
hi,
In TYPO3 8.7.11, sending an RSA encrypted form does not work if an input type = "image" is used as submit.
e.g. felogin
Steps to reproduce:
set felogin on a page and use this plugin: https://pastebin.com/vSzvR4nQ
it's the original felogin template from 8.7.10. only the Login button is replaced the Login Code form here:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/image
<input id="image" type="image" width="100" height="30" alt="Login"
src="https://raw.githubusercontent.com/mdn/learning-area/master/html/forms/image-type-example/login.png">
open the Frontend with the login form and just click "LOGIN", the password field is filled with the rsa encrypted code and then nothing happens.
if you clicked a second time the form will be sent
testet with chrome and firefox on macos x
Updated by Stephan Großberndt about 6 years ago
Could you check if this is related to / solved by
https://forge.typo3.org/issues/84253 / https://review.typo3.org/#/c/56142/ ?
Updated by Susanne Moog about 6 years ago
- Related to Bug #84253: BE Login with 8.7.11 and Firefox Quantum Browser Version 59.0 not possible anymore added
Updated by Sven Juergens about 6 years ago
hi,
no, it seems it's not directly related to that issue.
Because here we have another JavaScript File.
In fe_login e.g we use the File
typo3_src-8.7.11/typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryption.js
and not
typo3_src-8.7.11/typo3/sysext/rsaauth/Resources/Public/JavaScript/RsaEncryptionModule.js
The problem is the way the submit Fields are fetched in Javascript, in this part, in RsaEncryption.js line 130
...
for (var i = *document.forms*.length; i--;) {
var form = document.forms[i];
for (var j = form.elements.length; j--;) {
var field = form.elements[j];
if (field.nodeName.toLowerCase() === 'input') {
var dataAttribute = field.getAttribute('data-rsa-encryption');
if (dataAttribute || dataAttribute === '' && field.outerHTML.match(/ data-rsa-encryption=""/)) {
if (!form.rsaEncryption) {
* form.rsaEncryption = new rsaEncryption(form);*
if (form.addEventListener) {
form.addEventListener('submit', form.rsaEncryption.handleFormSubmitRequest, false);
} else if (form.attachEvent) {
form.attachEvent('onsubmit', form.rsaEncryption.handleFormSubmitRequest);
}
}
form.rsaEncryption.fields.push(field);
}
}
}
}
We use "document.forms" to get all forms on page and in which we later search for the submit button
But: type="image" is not part of that
The elements which are included by HTMLFormElement.elements and HTMLFormElement.length are: <button> <fieldset> <input> (with the exception that any whose type is "image" are omitted for historical reasons) <object> <output> <select> <textarea> No other elements are included in the list returned by elements, which makes it an excellent way to get at the elements most important when processing forms.
Source:https://developer.mozilla.org/en-US/docs/Web/API/HTMLFormElement/elements
With this commit we changed the submit handling: https://github.com/TYPO3/TYPO3.CMS/commit/a0e51ca70b9d8bc343acc0d178a9ba4b9095b94b
now the form is not simply sent, but it is searched for a submit button and clicked
Updated by Sven Juergens about 6 years ago
hi,
this could be a possible solution:
as descriped here: https://developer.mozilla.org/en-US/docs/Web/API/HTMLFormElement/elements
HTMLFormElement.elements get this fields "button ,fieldset ,input ,object ,output ,select ,textarea".
So we get the fields ourselves with querySelectorAll and use it like this:
// Submit the form again but now with encrypted values
var formElements = rsaEncryption.form.querySelectorAll('button ,fieldset ,input ,object ,output ,select ,textarea');
for (var j = formElements.length; j--;) {
var submitField = formElements[j];
if ((['input', 'button'].indexOf(submitField.nodeName.toLowerCase()) > -1)
&& (['submit', 'image', 'button'].indexOf(submitField.type.toLowerCase()) > -1)
) {
submitField.click();
}
}
Updated by Markus Klein about 6 years ago
- Related to deleted (Bug #84253: BE Login with 8.7.11 and Firefox Quantum Browser Version 59.0 not possible anymore)
Updated by Markus Klein about 6 years ago
- Related to Bug #76120: rsaauth does not submit the name of the submit-button added
Updated by Markus Klein about 6 years ago
- Status changed from New to Accepted
Thanks for your finding. We currently discuss in the core team how we deal with this mess.
Updated by Markus Klein about 6 years ago
- Status changed from Accepted to Resolved
- Assignee set to Markus Klein
- Target version set to 8.7.12
Offending patches have been reverted. Things shall be working again as before.
Updated by Markus Klein about 6 years ago
- Related to Bug #84503: Streamline RsaAuth login behavior added
Updated by