c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 686397] Re: Failed logon leads to invalid action

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "vra \(openerp\)" <686397@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Dec 2010 12:07:34 -0000
Reply-to: Bug 686397 <686397@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/686397

Title:
  Failed logon leads to invalid action

Status in OpenObject Web Client:
  New

Bug description:
  If a user attempts to login at the /openerp/login page and enters an incorrect username or password, the user gets redirected to the following url:

    /openerp/login?action=login&message=Bad+username+or+password&db=pilot&user=admin

If the user successfully logins in at that URL, then they get a page of errors due to that "action=login" parameter being in the URL. Included in the error messages is the user's username and password in clear text. The actual error that is generated is:

<type 'exceptions.TypeError'>: index() got an unexpected keyword argument 'action'
      args = ("index() got an unexpected keyword argument 'action'",)
      message = "index() got an unexpected keyword argument 'action'" 

Version: 6.0 rc1