From 1e47e5a849fb0297f7da1a5ebd5d94f5b8cd46f9 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Mon, 4 Nov 2019 13:13:16 +0000 Subject: [PATCH] Bug 23075: (follow-up) Dissallow transparent redirects GET request redirects were causing the http URL to 'pass' our 'good url' test for http => https redirected mana servers. However, on the subsquent POST request to get a mana security token we would fail as the POST was not transparently redirected. This patch changes the request to be a simple_request so we will catch bad urls earlier and it also prevents submissions for security tokens if the configured URL is identified as bad. Signed-off-by: David Nind Signed-off-by: Jonathan Druart Signed-off-by: Martin Renvoize --- Koha/SharedContent.pm | 3 +-- koha-tmpl/intranet-tmpl/prog/en/modules/admin/share_content.tt | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Koha/SharedContent.pm b/Koha/SharedContent.pm index 04cb67502d..0e9c8a91bf 100644 --- a/Koha/SharedContent.pm +++ b/Koha/SharedContent.pm @@ -58,8 +58,7 @@ sub process_request { $mana_request->content( to_json($content) ); } - my $response = $userAgent->request($mana_request); - + my $response = $userAgent->simple_request($mana_request); eval { $result = from_json( $response->decoded_content, { utf8 => 1} ); }; $result->{code} = $response->code; if ( $@ ){ diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/share_content.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/share_content.tt index d441b06dc6..a1940a8cbc 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/share_content.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/share_content.tt @@ -46,6 +46,7 @@

Learn more about Mana KB on the official Mana KB documentation.

+ [% IF mana_url && !bad_url %] [% IF (mana_url) %]

Your Mana KB server is currently: [% mana_url | url %]

[% END %] @@ -136,6 +137,7 @@ [% END %] + [% END # /IF mana_url && !bad_url %] -- 2.39.5