Paul, I believe you actually need to urlencode the URL you are passing as a parameter.
For instance, http://www.example.com/index.php?foo=bar becomes http%3A%2F%2Fwww.example.com%2Findex.php%3Ffoo%3Dbar (see PHP's urlencode/urldecode functions) -Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Ortman Sent: Monday, September 03, 2007 9:25 AM To: Yale CAS mailing list Subject: phpCAS bug in URL parsing second question mark? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In CASifying a couple of applications we came across a situation where the URL being sent to the CAS server from the client (which was using phpCAS-0.5.1-1) was being truncated and not including a couple of parameters past as part of the original get. I tracked it down to the client.php file and made this fix: - --- source/client.php 2007-07-06 14:53:52.000000000 -0400 +++ /usr/share/php/CAS/client.php 2007-08-31 17:47:54.000000000 -0400 @@ -2047,8 +1984,11 @@ } } $final_uri .= strtok($_SERVER['REQUEST_URI'],"?"); - - $cgi_params = '?'.strtok("?"); + $cgi_params = strstr($_SERVER['REQUEST_URI'],"?"); // remove the ticket if present in the CGI parameters $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); The complexity we have results from the fact that one of the cgi_params is itself a full URI that has a GET in it. As a result, the the line I changed was only passing on params up to the second '?' in the original URI. I simply changed the behavior to make the cgi_params contain everything in the string from the first '?' to the end of the string. This was the behavior with the original line in most cases, except those that contained a second '?'. Now, my question is, "Was this change really simplistic and foolish?" Everything we're throwing at it seems to function correctly and it solves the immediate problems, but it feels like it could introduce some unexpected behavior. Any thoughts? - -- Paul Ortman PGP Key: 55602C81 - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG3AtGfw8KGlVgLIERAlq8AKCK2RyiA9aVYO+wM83LPF+PtbsbGACfYvT+ vbTFbpB7lXO+2Rd/yn1iPk8= =EeBO -----END PGP SIGNATURE----- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
