From 67255b58ec3fced80e935cee1bffc170aede0704 Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Wed, 24 Mar 2010 08:11:47 +0000 Subject: [PATCH] MDL-21802 backporting patch for vulnerability in CAS client library --- auth/cas/CAS/client.php | 25 ++++++++++++++++--------- auth/cas/CAS/readme_moodle.txt | 7 +++++++ 2 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 auth/cas/CAS/readme_moodle.txt diff --git a/auth/cas/CAS/client.php b/auth/cas/CAS/client.php index 9922a46f55c..61843760540 100644 --- a/auth/cas/CAS/client.php +++ b/auth/cas/CAS/client.php @@ -1994,15 +1994,22 @@ class CASClient } } - $final_uri .= strtok($_SERVER['REQUEST_URI'],"?"); - $cgi_params = '?'.strtok("?"); - // remove the ticket if present in the CGI parameters - $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params); - $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params); - $cgi_params = preg_replace('/\?%26/','?',$cgi_params); - $cgi_params = preg_replace('/\?&/','?',$cgi_params); - $cgi_params = preg_replace('/\?$/','',$cgi_params); - $final_uri .= $cgi_params; + $baseurl = split("\?", $_SERVER['REQUEST_URI'], 2); + $final_uri .= $baseurl[0]; + $query_string = ''; + if ($_GET) { + $kv = array(); + foreach ($_GET as $key => $value) { + if($key !== "ticket"){ + $kv[] = urlencode($key). "=" . urlencode($value); + } + } + $query_string = join("&", $kv); + } + if($query_string){ + $final_uri .= "?" . $query_string; + } + $this->setURL($final_uri); } phpCAS::traceEnd($this->_url); diff --git a/auth/cas/CAS/readme_moodle.txt b/auth/cas/CAS/readme_moodle.txt new file mode 100644 index 00000000000..a830c391dfc --- /dev/null +++ b/auth/cas/CAS/readme_moodle.txt @@ -0,0 +1,7 @@ +PHP CAS library import + +List of changes: +1/ backported fix for: http://www.ja-sig.org/issues/browse/PHPCAS-52 (MDL-21802) + + +skodak -- 2.11.4.GIT
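Review bot: The new `foreach` passes every `$_GET` value straight to `urlencode()`, but PHP parses a query such as `?a[]=1` into an array value, on which `urlencode()` emits a warning and returns null, so array parameters are silently degraded to `a=` in the rebuilt service URL. PHP's standard library already does this job correctly, nested arrays included, with the same RFC 1738 encoding the loop uses: replace the `$kv` loop with `$params = $_GET; unset($params['ticket']); $query_string = http_build_query($params, '', '&');` (the explicit `'&'` keeps the separator independent of the `arg_separator.output` ini setting). Separately, `split()` is a POSIX-regex function that is deprecated as of PHP 5.3 and later removed; `$baseurl = explode('?', $_SERVER['REQUEST_URI'], 2);` has the same effect without the regex engine. Both changes keep the service URL self-consistent between the login redirect and ticket validation, which is the property CAS depends on; the enclosing method begins before this hunk.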