Bug 12398: Fix CAS authentication validation

CGI::url_param() also returns deleted parameters so we have to check
with CGI::param() too.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Took a while to get it working, but I can confirm CAS login is not
working without this patch, but does with it.

Some notes:
In order for this to work you have to add http:// in front of your
OpacBaseURL.
You will also need a CAS test server and install the certificate
on your system.

Tested with CAS test server provided by Biblibre.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm
index 69e510f..17e43e4 100644 (file)
--- a/C4/Auth_with_cas.pm
+++ b/C4/Auth_with_cas.pm
@@ -203,9 +203,13 @@ sub _url_with_get_params {
     my $uri_base_part = C4::Context->preference('OPACBaseURL') . $query->script_name();
     my $uri_params_part = '';
     foreach ( $query->url_param() ) {
-        $uri_params_part .= '&' if $uri_params_part;
-        $uri_params_part .= $_ . '=';
-        $uri_params_part .= URI::Escape::uri_escape( $query->url_param($_) );
+        # url_param() always returns parameters that were deleted by delete()
+        # This additional check ensure that parameter was not deleted.
+        if ($query->param($_)) {
+            $uri_params_part .= '&' if $uri_params_part;
+            $uri_params_part .= $_ . '=';
+            $uri_params_part .= URI::Escape::uri_escape( $query->param($_) );
+        }
     }
     $uri_base_part .= '?' if $uri_params_part;