[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm

Fri Dec 20 09:54:34 EST 2013

raeburn		Fri Dec 20 14:54:34 2013 EDT

  Modified files:              
    /loncom/auth	lonauth.pm 
  Log:
  - Validation.
  
  
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.128 loncom/auth/lonauth.pm:1.129

--- loncom/auth/lonauth.pm:1.128	Tue Nov 26 01:19:12 2013
+++ loncom/auth/lonauth.pm	Fri Dec 20 14:54:34 2013
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.128 2013/11/26 01:19:12 raeburn Exp $
+# $Id: lonauth.pm,v 1.129 2013/12/20 14:54:34 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -169,22 +169,31 @@
     }
 
     my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
-    my $uname = $form->{'uname'};
-    my $udom;
-    if (&Apache::lonnet::domain($form->{'udom'},'description') ne '') {
-        $udom = $form->{'udom'};
+    my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
+    my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
+    if (&Apache::lonnet::domain($udom,'description') eq '') {
+        undef($udom);
     }  
-    my $retry = '/adm/login?username='.$form->{'uname'};
+    my $retry = '/adm/login';
+    if ($uname eq $form->{'uname'}) {
+        $retry .= '?username='.$uname;
+    }
     if ($udom) {
-        $retry .= '&domain='.$form->{'udom'}
+        $retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom;
     }
     if (exists($form->{role})) {
-        $retry .= '&role='.$form->{role};
+        my $role = &Apache::loncommon::cleanup_html($form->{role});
+        if ($role ne '') { 
+            $retry .= (($retry=~/\?/)?'&':'?').'role='.$role;
+        }
     }
     if (exists($form->{symb})) {
-        $retry .= '&symb='.$form->{symb};
+        my $symb = &Apache::loncommon::cleanup_html($form->{symb});
+        if ($symb ne '') {
+            $retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb;
+        }
     }
-    my $end_page   = &Apache::loncommon::end_page();
+    my $end_page = &Apache::loncommon::end_page();
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
     my $loginhelp = &loginhelpdisplay($udom);


