[LON-CAPA-cvs] cvs: loncom /auth lonlogin.pm

raeburn raeburn at source.lon-capa.org
Wed Oct 6 15:28:55 EDT 2021


raeburn		Wed Oct  6 19:28:55 2021 EDT

  Modified files:              
    /loncom/auth	lonlogin.pm 
  Log:
  - Use URI::Escape to encode firsturl in query string, and only use 
    HTML::Entities for single quotes.
  
  
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.187 loncom/auth/lonlogin.pm:1.188
--- loncom/auth/lonlogin.pm:1.187	Tue Sep 28 21:16:07 2021
+++ loncom/auth/lonlogin.pm	Wed Oct  6 19:28:55 2021
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.187 2021/09/28 21:16:07 raeburn Exp $
+# $Id: lonlogin.pm,v 1.188 2021/10/06 19:28:55 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -38,6 +38,8 @@
 use Apache::migrateuser();
 use lib '/home/httpd/lib/perl/';
 use LONCAPA qw(:DEFAULT :match);
+use URI::Escape;
+use HTML::Entities();
 use CGI::Cookie();
  
 sub handler {
@@ -111,7 +113,6 @@
     }
 
     my $lonhost = $r->dir_config('lonHostID');
-    $env{'form.firsturl'} =~ s/(`)/'/g;
 
 # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
 
@@ -123,7 +124,12 @@
             $protocol = 'http' if ($protocol ne 'https');
             my $dest = '/adm/roles';
             if ($env{'form.firsturl'} ne '') {
-                $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
+                if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                    $dest = &uri_escape_utf8($env{'form.firsturl'});
+                } else {
+                    $dest = &uri_escape($env{'form.firsturl'});
+                }
+                $dest = &HTML::Entities::encode($dest,"'");
             }
             my %info = (
                          balcookie => $lonhost.':'.$balancer_cookie,
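Review bot: The firsturl-derived `$dest` stored in `%info` is now fully percent-encoded by `uri_escape` (its default unsafe set is everything outside `A-Za-z0-9-._~`, so `/adm/foo` becomes `%2Fadm%2Ffoo`), while the default `$dest = '/adm/roles'` a few lines above stays raw, so whatever consumes `%info` receives two differently encoded shapes of the same field and, unless it calls `uri_unescape`, a firsturl path will not resolve the way the default does. Because `uri_escape` already turns `'` into `%27`, the trailing `HTML::Entities::encode($dest,"'")` can never match anything and can be dropped. Nothing in this hunk rejects an absolute URL, so if `$dest` is later used as a redirect target (not visible here) a same-origin check such as `unless ($env{'form.firsturl'} =~ m{^/(?!/)}) { $dest = '/adm/roles'; }` would still be needed. The enclosing block and the `%info` hash continue outside the hunk.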
@@ -203,7 +209,12 @@
 	    &Apache::loncommon::end_page();
         my $dest = '/adm/roles';
         if ($env{'form.firsturl'} ne '') {
-            $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
+            if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                $dest = &uri_escape_utf8($env{'form.firsturl'});
+            } else {
+                $dest = &uri_escape($env{'form.firsturl'});
+            }
+            $dest = &HTML::Entities::encode($dest,"'");
         }
         if (($env{'form.ltoken'}) || ($linkprot)) {
             unless ($linkprot) {
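Review bot: The same six-line escape sequence now appears four times in this file (here, in the balancer branch above, and in the two query-string sites below), which is how the encodings drift apart over time; I would factor it into one helper and call `$dest = &escape_firsturl($env{'form.firsturl'});` at each site. The branch on `[^\x00-\xFF]` is there because `uri_escape` croaks on characters above U+00FF and points at `uri_escape_utf8`; if form.firsturl is already a decoded string, calling `uri_escape_utf8` unconditionally would give identical output for ASCII and UTF-8 bytes for U+0080–U+00FF, but that changes the bytes for Latin-1 input, so confirm before simplifying. The enclosing function starts and ends outside the hunk.
```perl
# Percent-encode a firsturl value for use in a query string.
# uri_escape() dies on characters above U+00FF, so wide strings
# go through uri_escape_utf8() instead.
sub escape_firsturl {
    my ($firsturl) = @_;
    return ($firsturl =~ /[^\x00-\xFF]/) ? uri_escape_utf8($firsturl)
                                        : uri_escape($firsturl);
}
# … unchanged: $dest default and the ltoken/linkprot handling …
$dest = &escape_firsturl($env{'form.firsturl'}) if ($env{'form.firsturl'} ne '');
```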
@@ -796,8 +807,14 @@
             $ssologin = $samlssourl;
         }
         if ($env{'form.firsturl'} ne '') {
-            $ssologin .= (($ssologin=~/\?/)?'&':'?') .
-                         'origurl='.&HTML::Entities::encode($env{'form.firsturl'},'\'<>&"');
+            my $querystring;
+            if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+                $querystring = &uri_escape_utf8($env{'form.firsturl'});
+            } else {
+                $querystring = &uri_escape($env{'form.firsturl'});
+            }
+            $querystring = &HTML::Entities::encode($querystring,"'");
+            $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
         }
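Review bot: The `origurl=` parameter name was dropped from the SSO login URL: the removed line appended `'origurl='.&HTML::Entities::encode(...)`, but the new assignment appends only the bare escaped value, so `$ssologin` ends in `?%2Fadm%2F...` and the SSO endpoint will not see an `origurl` parameter at all. Unless the endpoint was deliberately changed to accept a key-less value, the line should read `$ssologin .= (($ssologin=~/\?/)?'&':'?') . 'origurl='.$querystring;`. The `HTML::Entities::encode($querystring,"'")` step is a no-op at this point because `uri_escape` has already emitted `%27` for any single quote. The enclosing block continues outside the hunk.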
         my $ssohref;
         if ($samlssoimg ne '') {
@@ -1022,7 +1039,14 @@
     }
     my $url = $protocol.'://'.$hostname.$path;
     if ($env{'form.firsturl'} ne '') {
-        $url .='?firsturl='.&HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');;
+        my $querystring;
+        if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+            $querystring = &uri_escape_utf8($env{'form.firsturl'});
+        } else {
+            $querystring = &uri_escape($env{'form.firsturl'});
+        }
+        $querystring = &HTML::Entities::encode($querystring,"'");
+        $url .='?firsturl='.$querystring
     }
     if ($linkprot) {
         my $ltoken = &Apache::lonnet::tmpput({linkprot => $linkprot},$desthost);
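Review bot: The new `$url .='?firsturl='.$querystring` line has no terminating semicolon; Perl tolerates that on the last statement of a block, but the next line added inside that `if` will produce a confusing syntax error, so write `$url .= '?firsturl='.$querystring;`. As at the other sites, `HTML::Entities::encode($querystring,"'")` cannot change anything after `uri_escape` has already produced `%27`, so it is dead code here. The `?` separator is hard-coded; if `$path` can already carry a query string (not visible in this hunk) this should use the `(/\?/ ? '&' : '?')` idiom the `$ssologin` site uses. The enclosing function continues outside the hunk.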



