Users can submit duplicate requests through external requesting by rapidly clicking the submit button.
Bug# 4702
The hidden field containing the username on includeappointmentinfo.html is not necessary as this information is obtained from the user's web session:
<div id="username" hidden><#PARAM name="Username"></div>
Bug# 13641
Using the "Submit Request" button for a saved request via the Actions dropdown menu or from the Request Details page allows the user to submit a request without an appointment, even if appointments are required.
Workaround: Comment out the Submit Request option on the DataRowDefaultRequest, RequestsInReviewDataRow/DataRowReviewRequest, and include_TransactionMenu pages.
Bug# 13543
When a button does not explicitly declare a type in its code, it defaults to type="submit", which can sometimes lead to problems when processing transactions through a payment provider gateway.
Workaround: The code for the buttons in includepaymentbuttons.html should include the attribute 'type="button"'.
Aeon v5.0.73/5.1 Default Web Pages
Bug# 13028
An EAD request can become uneditable if the SkipOrderEstimates parameter is set to "Yes" and the request fails web validation. This is because SkipOrderEstimates will set the Photoduplication status of the request to "Awaiting Order Processing," which makes the request uneditable, even though the web validation failure sent the request to Awaiting User Review.
Bug# 12663
When an error is encountered, the Aeon Web DLL is surfacing detailed error information that should not be visible to end-users.
Bug# 12289
When submitting a request for a researcher, the DLL does not properly validate the proxy relationship between the user submitting the request and the selected researcher.
Bug# 11699
In the default Aeon web pages, the BillingAccountsVisible param tag on PhotoduplicationRequest.html does not properly hide the Billing Account dropdown if Billing Accounts are disabled.
Bug# 11533
When submitting a new request through the web and manually typing in the date, the date will be accepted regardless of whether it is a blackout date. The blackout date will be unavailable if you attempt to select it from the calendar.
Workaround: Disable manual entry in the date field by adding the code below to scheduled_date.js:
// Disable manual entry for date
Bug# 8364
A second class attribute was added for action items in the data row template. The contextual classes (e.g., menuClone) should be included in the earlier class definitions.
<a class="dropdown-item btn btn-light <#DATAROW field="RequestActionAllowed" name="Clone" disabledValue="d-none">" href="aeon.dll?Action=11&Form=32&Value=<#DATAROW field="TransactionNumber">" class="menuClone"><span aria-hidden="true" class="fas fa-copy text-primary"></span> Clone Request</a>
Bug# 7869
Not all Date/Time fields are coded with the ISO8601 date.
Bug# 7710
Security scans may flag the following old, commented-out jQuery reference in the web pages, which needs to be removed:
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<!--<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n"
Bug# 7573
The DLL is using the same code for both the MainMenu.html and ViewRequestHistory.html tables and just uses an attribute to determine which table is shown.
Bug# 1231
Bug# 7336
The word "Request" is misspelled in the templates folder:
Bug# 6901
The includeheaderrequest.html page is a web file that pre-dates Aeon 5.0. It is no longer used in any default Aeon 5.0 pages. The file should be removed.
Bug# 6026
The check for UserControlsTransaction is loading the transaction query each time to determine ownership.
Bug# 4493
Some web users have been able to re-submit requests after they are placed in statuses that should not allow re-submission.