-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In CASifying a couple of applications we came across a situation where
the URL being sent to the CAS server from the client (which was using
phpCAS-0.5.1-1) was being truncated and not including a couple of
parameters passed as part of the original get.  I tracked it down to the
client.php file and made this fix:

- --- source/client.php   2007-07-06 14:53:52.000000000 -0400
+++ /usr/share/php/CAS/client.php       2007-08-31 17:47:54.000000000 -0400
@@ -2047,8 +1984,11 @@
            }
       }

          $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
- -         $cgi_params = '?'.strtok("?");
+         $cgi_params = strstr($_SERVER['REQUEST_URI'],"?");
          // remove the ticket if present in the CGI parameters
          $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
          $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
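Review bot: the two unanchored ticket patterns in the trailing context lines now run over the whole query string, including the nested URI that follows the second '?', so a `ticket=` parameter belonging to the embedded URL (for example one that matches `/\?ticket=[^&;]*/` right after the inner '?') would be stripped along with the CAS ticket. Consider anchoring the removal to the outer query only, or requiring the embedded URI to be URL-encoded before it reaches this code so that it cannot contain a literal '?' or '&'. Also on the `+` line, `strstr()` returns false when `REQUEST_URI` contains no '?', whereas the removed line always produced at least `'?'`; check that the code after this hunk treats an empty `$cgi_params` the same way it treated a bare `'?'`.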



The complexity we have results from the fact that one of the cgi_params
is itself a full URI that has a GET in it.  As a result, the line I
changed was only passing on params up to the second '?' in the original
URI.  I simply changed the behavior to make the cgi_params contain
everything in the string from the first '?' to the end of the string.
This was the behavior with the original line in most cases, except those
that contained a second '?'.

Now, my question is, "Was this change really simplistic and foolish?"
Everything we're throwing at it seems to function correctly and it
solves the immediate problems, but it feels like it could introduce some
unexpected behavior.  Any thoughts?

- --
Paul Ortman

PGP Key: 55602C81
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG3AtGfw8KGlVgLIERAlq8AKCK2RyiA9aVYO+wM83LPF+PtbsbGACfYvT+
vbTFbpB7lXO+2Rd/yn1iPk8=
=EeBO
-----END PGP SIGNATURE-----
_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas
