From 2554c30da749731a879c3dbcd1841837dea8a935 Mon Sep 17 00:00:00 2001
From: Hadi Nategh <hn@stylite.de>
Date: Wed, 4 Feb 2015 09:40:52 +0000
Subject: [PATCH] Fix security error about autocomplete form happens only in FF

---
 etemplate/inc/class.etemplate_new.inc.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/etemplate/inc/class.etemplate_new.inc.php b/etemplate/inc/class.etemplate_new.inc.php
index 88bcee2ee9..ad7bbd14b7 100644
--- a/etemplate/inc/class.etemplate_new.inc.php
+++ b/etemplate/inc/class.etemplate_new.inc.php
@@ -189,11 +189,15 @@ class etemplate_new extends etemplate_widget_template
 			{
 				egw_framework::validate_file('.','app',$app,false);
 			}
+			// set action attribute for autocomplete form tag
+			// as firefox complains on about:balnk action, thus we have to literaly submit the form to a blank html
+			$form_action = "about:blank";
+			if (html::$user_agent == 'firefox') $form_action = $GLOBALS['egw_info']['server']['webserver_url'].'/etemplate/empty.html';
 
 			// check if we are in an ajax-exec call from jdots template (or future other tabbed templates)
 			if (isset($GLOBALS['egw']->framework->response))
 			{
-				$content = '<form target="egw_iframe_autocomplete_helper" action="about:blank" id="'.$dom_id.'" class="et2_container"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
+				$content = '<form target="egw_iframe_autocomplete_helper" action="'.$form_action.'" id="'.$dom_id.'" class="et2_container"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
 				// add server-side page-generation times
 				if($GLOBALS['egw_info']['user']['preferences']['common']['show_generation_time'])
 				{
@@ -226,7 +230,7 @@ class etemplate_new extends etemplate_widget_template
 				$load_array['response'] = egw_json_response::get()->returnResult();
 			}
 			// <iframe> and <form> tags added only to get browser autocomplete handling working again
-			echo '<form target="egw_iframe_autocomplete_helper" action="about:blank" id="'.$dom_id.'" class="et2_container" data-etemplate="'.html::htmlspecialchars(egw_json_response::json_encode($load_array), true).'"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
+			echo '<form target="egw_iframe_autocomplete_helper" action="'.$form_action.'" id="'.$dom_id.'" class="et2_container" data-etemplate="'.html::htmlspecialchars(egw_json_response::json_encode($load_array), true).'"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
 
 			if ($output_mode == 2)
 			{