[LON-CAPA-cvs] cvs: loncom /auth lonlogin.pm
raeburn
raeburn at source.lon-capa.org
Wed Jun 1 08:12:32 EDT 2022
raeburn Wed Jun 1 12:12:32 2022 EDT
Modified files:
/loncom/auth lonlogin.pm
Log:
- Bug 6907
Stop deep-linked items escaping iframe context, if LTI link protection in
effect, but user needs to authenticate, and login page supports dual SSO
and non-SSO login.
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.197 loncom/auth/lonlogin.pm:1.198
--- loncom/auth/lonlogin.pm:1.197 Fri May 27 01:36:08 2022
+++ loncom/auth/lonlogin.pm Wed Jun 1 12:12:32 2022
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Login Screen
#
-# $Id: lonlogin.pm,v 1.197 2022/05/27 01:36:08 raeburn Exp $
+# $Id: lonlogin.pm,v 1.198 2022/06/01 12:12:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -443,7 +443,8 @@
} else {
$tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
if (($name eq 'linkkey') || ($name eq 'linkprot')) {
- if (($env{'form.retry'}) && (!$env{'form.ltoken'}) && ($name eq 'linkprot')) {
+ if ((($env{'form.retry'}) || ($env{'form.sso'})) &&
+ (!$env{'form.ltoken'}) && ($name eq 'linkprot')) {
$linkprot_for_login = $env{'form.linkprot'};
}
$tokentype = 'link';
@@ -907,7 +908,7 @@
my ($linkprotector,$linkproturi) = split(/:/,$linkprot_for_login,2);
if (($linkprotector =~ /^\d+(c|d)$/) && ($linkproturi =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$})) {
my $set_target;
- if ($env{'form.retry'}) {
+ if (($env{'form.retry'}) || ($env{'form.sso'})) {
if ($linkproturi eq $env{'form.firsturl'}) {
$set_target = " document.server.target = '_self';";
}
More information about the LON-CAPA-cvs
mailing list