Number/Carrier Info left in SMS call number field when navigating back
Bug #1316788 reported by
Geoff Sams
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Evergreen 2.3.5
OpenSRF 2.1.2
Postgres 9.1
Ubuntu 12.04 LTS
Important Factor: We do not require patrons to log in to send SMS Call Number information.
When a patron sends Call Number information via the SMS feature, if you then hit back, the information is still present in the fields. This would allow other patrons to see both carrier and phone number information for other patrons if they were to press the back button.
I posted to IRC in order to check if a more recent version exhibited this issue and was told that 2.5 is showing this behavior as well by Kathy Lussier. (THanks for that!)
I didn't want to post the bug if there wasn't a more recent version involved.
tags: | added: patron privacy |
To post a comment you must log in.
We had a similar problem reported in https:/ /bugs.launchpad .net/evergreen/ +bug/1013300 that was fixed by adding a no-cache header for pages that required authentication. Since there are several sites that do not require authentication to send an SMS call number, the fix from that bug doesn't work here.