Bug 23042: Only include GET params in return URL for Shibboleth
The shibboleth return target included POST parameters in the URL string,
this meant that a failed local login POST would include the username and
password used in the attemtped login in plaintext in the redirect URL
that is appended to the shibboleth login URL.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
projects / koha.git / commit
