From owner-freebsd-bugbusters@FreeBSD.ORG  Tue Jun 21 19:52:04 2005
Return-Path: <owner-freebsd-bugbusters@FreeBSD.ORG>
X-Original-To: bugbusters@FreeBSD.org
Delivered-To: freebsd-bugbusters@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C58FE16A41C;
	Tue, 21 Jun 2005 19:52:04 +0000 (GMT)
	(envelope-from cracauer@schlepper.zs64.net)
Received: from schlepper.zs64.net (schlepper.zs64.net [212.12.50.230])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5E98E43D1F;
	Tue, 21 Jun 2005 19:52:04 +0000 (GMT)
	(envelope-from cracauer@schlepper.zs64.net)
Received: from schlepper.zs64.net (schlepper [212.12.50.230])
	by schlepper.zs64.net (8.13.1/8.12.9) with ESMTP id j5LJq2d3099441;
	Tue, 21 Jun 2005 21:52:02 +0200 (CEST)
	(envelope-from cracauer@schlepper.zs64.net)
Received: (from cracauer@localhost)
	by schlepper.zs64.net (8.13.1/8.12.9/Submit) id j5LJq2uY099440;
	Tue, 21 Jun 2005 15:52:02 -0400 (EDT) (envelope-from cracauer)
Date: Tue, 21 Jun 2005 15:52:02 -0400
From: Martin Cracauer <cracauer@cons.org>
To: bugbusters@FreeBSD.org
Message-ID: <20050621155202.A99219@cons.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Cc: freebsd-hackers@FreeBSD.org
Subject: Serious braindamage in the send-pr web interface
X-BeenThere: freebsd-bugbusters@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Coordination of the Problem Report handling effort."
	<freebsd-bugbusters.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugbusters>, 
	<mailto:freebsd-bugbusters-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugbusters>
List-Post: <mailto:freebsd-bugbusters@freebsd.org>
List-Help: <mailto:freebsd-bugbusters-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugbusters>, 
	<mailto:freebsd-bugbusters-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2005 19:52:04 -0000

The security code of the web interface seems to really screw people
over (the image displaying a text that you have to enter).

It goes like this:
- open web page
- enter PR
- enter security code but get anything wrong (case is sufficient)

You get an error complaing about the security code.

Press back.  Your carefully edited PR is still there.  Good.

However, it displays the same image and the same security code as
before, although send-pr seems to have generated a new one internally.
The new code is not displayed, however, since there is no expire
header on the old one and you just hit the "back" button.

So it displays the old code to the user while it already expects a new
one.

So it rejects everything that comes out of the sequence "back button"
and resubmitting, so matter how often you do it.  It never displays
its currently expected code in an image in the user's browser, it
reuses the first image every time.

If you figure that this is the problem you press reload - and your PR
is gone :-/

I think this might be fixable as easy as setting an expire header on
the image.

Also, it shouldn't be all-uppercase and case sensitive, that is
pointless. 

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org>   http://www.cons.org/cracauer/
 No warranty.    This email is probably produced by one of my cats 
 stepping on the keys. No, I don't have an infinite number of cats.