[Koha-bugs] [Bug 24779] New: Shibboleth login url double encodes "=" in query

bugzilla-daemon at bugs.koha-community.org
Mon Mar 2 20:38:33 CET 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24779

            Bug ID: 24779
           Summary: Shibboleth login url double encodes "=" in query
 Change sponsored?: ---
           Product: Koha
           Version: 19.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: hannah.co at northwestu.edu
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

login_shib_url and logout_shib use _get_return to process a URL and parameters.
I am seeing URLs come through with the "=" between the parameter name and the
query encoded to "%3D". I think this is because URL encoding is done on line
214 to the whole parameter string after assembly.

  214    return $uri_base_part . URI::Escape::uri_escape_utf8($uri_params_part);

I believe only the query part of the parameter should be URI-escaped, on line
209:

  209    $uri_params_part .= $uriPiece;

My installation with Shibboleth login works with lines 209 and 214 changed as
follows:

  209    $uri_params_part .= URI::Escape::uri_escape_utf8($uriPiece);
  214    return $uri_base_part . $uri_params_part;

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
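
An added illustration of the behaviour described in the report (not code from Koha or from the reporter): the two functions below contrast escaping an assembled query string as a whole with escaping each name and value separately, then show what a receiving application parses out of each result. The base URL, parameter values and function names are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape_utf8 uri_unescape);

# Constructed sample input: a return URL and two query parameters.
my $base   = 'https://opac.example.org/cgi-bin/koha/opac-detail.pl?';
my @params = ( [ biblionumber => '42' ], [ q => 'tolkien & lewis' ] );

# Variant A: assemble "name=value&name=value" first, then escape the whole
# string (the pattern the report attributes to line 214).
sub escape_after_assembly {
    my ( $base, @params ) = @_;
    my $query = join '&', map { $_->[0] . '=' . $_->[1] } @params;
    return $base . uri_escape_utf8($query);
}

# Variant B: escape each name and value on its own, then join them with
# literal "=" and "&" so the delimiters survive.
sub escape_per_component {
    my ( $base, @params ) = @_;
    my $query = join '&',
      map { uri_escape_utf8( $_->[0] ) . '=' . uri_escape_utf8( $_->[1] ) } @params;
    return $base . $query;
}

# Split a query string the way a receiving application would and return
# the decoded [name, value] pairs it sees.
sub parse_query {
    my ($url) = @_;
    my ( undef, $query ) = split /\?/, $url, 2;
    return map {
        my ( $k, $v ) = split /=/, $_, 2;
        [ uri_unescape($k), defined $v ? uri_unescape($v) : undef ]
    } split /&/, $query;
}

for my $variant ( [ A => \&escape_after_assembly ], [ B => \&escape_per_component ] ) {
    my ( $label, $build ) = @$variant;
    my $url = $build->( $base, @params );
    print "$label: $url\n";
    for my $pair ( parse_query($url) ) {
        printf "   name=%-36s value=%s\n", $pair->[0], $pair->[1] // '(none)';
    }
}
```

In variant A the receiver finds no literal "=" or "&" to split on, so it sees a single parameter name with no value; in variant B the "&" inside the search term stays encoded while the delimiters remain intact.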

