From b57d98517c5a9572a54412f7f4e5d872acfa85c3 Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Thu, 10 Apr 2014 13:12:19 +0200 Subject: [PATCH] Bug 11219: (follow-up) fetch only URL parameters This followup corrects the fact that when using $query->url(), both GET and POST params are get. Using $query->url_param() will only get params directly in URL. Test plan : - Enable CAS - Go to login page : cgi-bin/koha/opac-user.pl - Try to connect with local login using random login and password (they will be transmitted by POST) - You stay to login page - Look at CAS login URL => Without this patch it will contain the random login and password as parameters of opac-user.pl => With this patch it does not contain any parameter Signed-off-by: Matthias Meusburger Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Galen Charlton --- C4/Auth_with_cas.pm | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm index e71898eb94..a42a71cbb1 100644 --- a/C4/Auth_with_cas.pm +++ b/C4/Auth_with_cas.pm @@ -184,8 +184,7 @@ sub _get_cas_and_service { my $query = shift; my $key = shift; # optional - my $uri = C4::Context->preference('OPACBaseURL'); # server address - $uri .= $query->url( -absolute => 1, -query => 1 ); # page with params + my $uri = _url_with_get_params($query); my $casparam = $defaultcasserver; $casparam = $query->param('cas') if defined $query->param('cas'); @@ -195,6 +194,23 @@ sub _get_cas_and_service { return ( $cas, $uri ); } +# Get the current URL with parameters contained directly into URL (GET params) +# This method replaces $query->url() which will give both GET and POST params +sub _url_with_get_params { + my $query = shift; + + my $uri_base_part = C4::Context->preference('OPACBaseURL') . $query->script_name(); + my $uri_params_part = ''; + foreach ( $query->url_param() ) { + $uri_params_part .= '&' if $uri_params_part; + $uri_params_part .= $_ . '='; + $uri_params_part .= URI::Escape::uri_escape( $query->url_param($_) ); + } + $uri_base_part .= '?' if $uri_params_part; + + return $uri_base_part . $uri_params_part; +} + 1; __END__ -- 2.39.5