[Koha-bugs] [Bug 24779] New: Shibboleth login url double encodes "=" in query
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Mar 2 20:38:33 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24779
Bug ID: 24779
Summary: Shibboleth login url double encodes "=" in query
Change sponsored?: ---
Product: Koha
Version: 19.11
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: hannah.co at northwestu.edu
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
login_shib_url and logout_shib use _get_return to process a url and parameters.
I am seeing urls come through with the "=" between the parameter name and the
query encoded to "%3D". I think this is because url encoding is done on line
214 to the whole parameter string after assembly.
214 return $uri_base_part .
URI::Escape::uri_escape_utf8($uri_params_part);
I believe only the query part of the parameter should be uri escaped, on line
209:
209 $uri_params_part .= $uriPiece;
My installation with shibboleth login works with lines 209 and 214 changed as
follows:
209 $uri_params_part .= URI::Escape::uri_escape_utf8($uriPiece);
214 return $uri_base_part . $uri_params_part;
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list