From 32e55e62d9bae43f85228dfa5dafe4b25e4820dc Mon Sep 17 00:00:00 2001
From: tonnesen <tonnesen>
Date: Fri, 25 Oct 2002 21:52:31 +0000
Subject: [PATCH] Strips userid and password parameters off URL parameters
 list.

---
 C4/Auth.pm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 42147e2f5d..2f14956315 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -180,6 +180,7 @@ sub checkauth {
 	    my @inputs;
 	    my $self_url = $query->self_url();
 	    foreach my $name (param $query) {
+		(next) if ($name eq 'userid' || $name eq 'password');
 		my $value = $query->param($name);
 		push @inputs, {name => $name , value => $value};
 	    }
@@ -190,7 +191,13 @@ sub checkauth {
 				      -expires => '+1y');
 
 	    $template->param(loginprompt => 1);
-	    $template->param(url => $query->self_url());
+
+	    # Strip userid and password parameters off the self_url variable
+
+	    $self_url=~s/\?*userid=[^;]*;*//g;
+	    $self_url=~s/\?*password=[^;]*;*//g;
+
+	    $template->param(url => $self_url);
 	    print $query->header(-cookie=>$cookie), $template->output;
 	    exit;
 	}
-- 
2.39.5