[Koha-bugs] [Bug 23526] New: Shibboleth login url with query has double encoded '?' %3F

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Aug 30 19:16:06 CEST 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23526

            Bug ID: 23526
           Summary: Shibboleth login url with query has double encoded '?'
                    %3F
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: nick at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

In login_shib_url we place an encoded '?' into the login url:
 65     if ( $query->query_string() ) {
 66         $param = $param . '%3F' . $query->query_string();
 67     }

Then in the templates we filter that using the URL filter:
<p>If you have a Shibboleth account, please <a href="[% shibbolethLoginUrl |
url %]">click here to login</a>.</p>


The URL filter turns the % into %25 and the string comes out as
https://anykoha.bywatersolutions.com/Shibboleth.sso/Login?target=https://anykoha.bywatersolutions.com/cgi-bin/koha/opac-search.pl%253Fq=cats

This returns a 4040 on successful login

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.


More information about the Koha-bugs mailing list