Never use the value attribute of <button> to encode anything we care

about, in particular 'action' arguments to the CGI.  This works around
a bug in Internet Explorer.

At the time of writing, the commentary at
http://msdn2.microsoft.com/en-gb/library/ms535211(VS.85).aspx mentions
the problem.  (Alternatively, MSDN Library -> Web Development -> HTML
and CSS -> HTML and DHTML Reference -> Objects -> button.)

diff --git a/templates/login.html b/templates/login.html
index 8516de209b69e51117aedf84269a1efe0fb5a4b1..21c7ddf05e947970591fb087258495005af06354 100644 (file)
--- a/templates/login.html
+++ b/templates/login.html
@@ -66,12 +66,13 @@ USA
        </tr>
        <tr>
          <td>
-           <button class=login name=action type=submit value=login>
+           <button class=login name=button type=submit>
              @label:login.login@
            </button>
          </td>
        </tr>
      </table>
+     <input name=action type=hidden value=login>
      <input name=nonce type=hidden value="@nonce@">
      <input name=back type=hidden value="@arg:back@">
    </form>
@@ -121,12 +122,13 @@ USA
        </tr>
        <tr>
          <td>
-           <button class=register name=action type=submit value=register>
+           <button class=register name=button>
              @label:login.register@
            </button>
          </td>
        </tr>
      </table>
+     <input name=action type=hidden value=register>
      <input name=nonce type=hidden value="@nonce@">
    </form>}@
    }{
@@ -137,10 +139,11 @@ USA
    <form class=logout action="@url@" method=POST
          enctype="multipart/form-data" accept-charset=utf-8>
      <div class=logout>
-       <button class=logout name=action type=submit value=logout>
+       <button class=logout name=submit type=submit>
          @label:login.logout@
        </button>
      </div>
+     <input name=action type=hidden value=logout>
      <input name=nonce type=hidden value="@nonce@">
    </form>
 
@@ -175,12 +178,13 @@ USA
        </tr>
        <tr>
          <td>
-           <button class=edituser name=action type=submit value=edituser>
+           <button class=edituser name=submit type=submit>
              @label:login.edituser@
            </button>
          </td>
        </tr>
      </table>
+     <input name=action type=hidden value=edituser>
      <input name=nonce type=hidden value="@nonce@">
    </form>
 

diff --git a/templates/playing.html b/templates/playing.html
index 815b8957697d60573b2b1a0df73acf7cebe4b096..b53c2c02492145d25ade4bd895a7ef0629f3103c 100644 (file)
--- a/templates/playing.html
+++ b/templates/playing.html
@@ -74,7 +74,7 @@ USA
     <span class=button>
     <a class=button
     href="@url@?action=disable&#38;nonce=@nonce@&#38;mgmt=true"
-     title="@label:playing.playingdisableverbose@">@label:playing.playing@</a>
+     title="@label:playing.disableverbose@">@label:playing.playing@</a>
     </a>
     </span>
     <img width=16 height=16 class=imgbutton src="@image:enabled@">
@@ -83,7 +83,7 @@ USA
     <span class=button>
     <a class=button
     href="@url@?action=enable&#38;nonce=@nonce@&#38;mgmt=true"
-     title="@label:playing.playingenableverbose@">@label:playing.playing@</a>
+     title="@label:playing.enableverbose@">@label:playing.playing@</a>
     </a>
     </span>
     <img width=16 height=16 class=imgbutton src="@image:disabled@">
@@ -101,9 +101,9 @@ USA
      @label:volume.right@ <input size=3 name=right type=text value="@volume:right@">
      <input name=nonce type=hidden value="@nonce@">
      <input name=back type=hidden value="@thisurl@?mgmt=true">
-     @right{volume}{<button class=search name=action type=submit value=volume>
+     @right{volume}{<button class=search name=submit type=submit>
       @label:volume.set@
-     </button>}@
+     </button><input name=action type=hidden value=volume>}@
      @right{volume}{<a class=imgbutton
       href="@url@?action=volume&#38;delta=@label:volume.resolution@&#38;back=@urlquote{@thisurl@?mgmt=true}@">
       <img class=button src="@image:up@"

diff --git a/templates/prefs.html b/templates/prefs.html
index 853e1b030b1122c45137c0a0ccda38fc82b9b6e6..46722ad870fecf407ed7fa7d008c8fb28413fdbb 100644 (file)
--- a/templates/prefs.html
+++ b/templates/prefs.html
@@ -65,9 +65,10 @@ USA
    }@
     
     <p>
-     <button class="pref_set" type=submit name=action value=prefs>
+     <button class="pref_set" type=submit name=submit>
       @label:prefs.set@
      </button>
+     <input name=action type=hidden value=prefs>
     </p>
    </form>
 

diff --git a/templates/search.html b/templates/search.html
index 457186d4c1638acd1aee704963840c782d51f66c..b534591e6d001ddc38a65de8eacaf3364252db83 100644 (file)
--- a/templates/search.html
+++ b/templates/search.html
@@ -32,9 +32,10 @@ USA
      <p class=search>Enter search terms:
      <input class=query name=query type=text value="@arg:query@"
       size=50>
-     <button class=search name=action type=submit value=search>
+     <button class=search name=submit type=submit>
       @label:search.search@
      </button>
+     <input name=action type=hidden value=search>
      <input name=nonce type=hidden value="@nonce@">
      </p>
    </form>