From 3b98736d18d68c12099b88dca93b6085eaa467ac Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <justdave%syndicomm.com>
Date: Thu, 7 Jun 2001 20:26:40 +0000
Subject: [PATCH] Fix for bug 15980: Password is no longer shown in the
 location bar on the first page you load after logging in. Patch by Dave
 Miller <justdave@syndicomm.com> r= jake@acutex.net

---
 webtools/bugzilla/CGI.pl          | 12 +++++++++---
 webtools/bugzilla/process_bug.cgi | 10 ++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/webtools/bugzilla/CGI.pl b/webtools/bugzilla/CGI.pl
index 0980366bddb2..138e52414a26 100644
--- a/webtools/bugzilla/CGI.pl
+++ b/webtools/bugzilla/CGI.pl
@@ -20,6 +20,7 @@
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Dan Mosedale <dmose@mozilla.org>
 #                 Joe Robins <jmrobins@tgix.com>
+#                 Dave Miller <justdave@syndicomm.com>
 
 # Contains some global routines used throughout the CGI scripts of Bugzilla.
 
@@ -914,9 +915,14 @@ Content-type: text/html
 	    $nexturl = $&;
         }
         my $method = "POST";
-        if (defined $ENV{"REQUEST_METHOD"} && length($::buffer) > 1) {
-            $method = $ENV{"REQUEST_METHOD"};
-        }
+# We always want to use POST here, because we're submitting a password and don't
+# want to see it in the location bar in the browser in case a co-worker is looking
+# over your shoulder.  If you have cookies off and need to bookmark the query, you
+# can bookmark it from the screen asking for your password, and it should still
+# work.  See http://bugzilla.mozilla.org/show_bug.cgi?id=15980
+#        if (defined $ENV{"REQUEST_METHOD"} && length($::buffer) > 1) {
+#            $method = $ENV{"REQUEST_METHOD"};
+#        }
         print "
 <FORM action=$nexturl method=$method>
 <table>
diff --git a/webtools/bugzilla/process_bug.cgi b/webtools/bugzilla/process_bug.cgi
index 81f6846b89f5..1b02b7b0c640 100755
--- a/webtools/bugzilla/process_bug.cgi
+++ b/webtools/bugzilla/process_bug.cgi
@@ -724,8 +724,14 @@ The changes made were:
         $::FORM{'delta_ts'} = $delta_ts;
         print "<li><form method=post>";
         foreach my $i (keys %::FORM) {
-            my $value = value_quote($::FORM{$i});
-            print qq{<input type=hidden name="$i" value="$value">\n};
+            # Make sure we don't include the username/password fields in the
+            # HTML.  If cookies are off, they'll have to reauthenticate after
+            # hitting "submit changes anyway".
+            # see http://bugzilla.mozilla.org/show_bug.cgi?id=15980
+            if ($i !~ /^(Bugzilla|LDAP)_(login|password)$/) {
+              my $value = value_quote($::FORM{$i});
+              print qq{<input type=hidden name="$i" value="$value">\n};
+            }
         }
         print qq{<input type=submit value="Submit my changes anyway">\n};
         print " This will cause all of the above changes to be overwritten";