Commit 8596b339 authored by Xavier Guimard's avatar Xavier Guimard

Use build_urlencoded everywhere (#1461)

parent 4246c5f2
...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::Facebook; ...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::Facebook;
use strict; use strict;
use Mouse; use Mouse;
use URI::Escape; use URI::Escape;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_BADCREDENTIALS); use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_BADCREDENTIALS);
use utf8; use utf8;
...@@ -160,14 +161,17 @@ sub fb { ...@@ -160,14 +161,17 @@ sub fb {
my $fb; my $fb;
my $sep = '?'; my $sep = '?';
my $ret = $conf->{portal}; my $ret = $conf->{portal};
my %prm;
foreach my $v ( [ $req->datas->{_url}, "url" ], foreach my $v ( [ $req->datas->{_url}, "url" ],
[ $req->param( $conf->{authChoiceParam} ), $conf->{authChoiceParam} ] ) [ $req->param( $conf->{authChoiceParam} ), $conf->{authChoiceParam} ] )
{ {
if ( $v->[0] ) { if ( $v->[0] ) {
$ret .= "$sep$v->[1]=$v->[0]"; $prm{ $v->[1] } = $v->[0];
$sep = '&';
} }
} }
if (%prm) {
$ret .= '?' . build_urlencoded(%prm);
}
eval { eval {
$fb = Net::Facebook::Oauth2->new( $fb = Net::Facebook::Oauth2->new(
......
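Review bot: `my $sep = '?';` on the context line above the `foreach my $v` loop is now dead — its only assignment, `$sep = '&';`, was removed and the separator is decided by the new `if (%prm)` block — so the declaration should be dropped as well. That block also always appends `'?'`, so a `$conf->{portal}` that already carried a query string would end up with two `?`; the other hunks in this commit guard with `( $x =~ /\?/ ? '&' : '?' )`, and the same form keeps this one consistent: `$ret .= ( $ret =~ /\?/ ? '&' : '?' ) . build_urlencoded(%prm) if %prm;`. fb's body continues outside the hunk.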
...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::SAML; ...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::SAML;
use strict; use strict;
use Mouse; use Mouse;
use Lemonldap::NG::Portal::Lib::SAML; use Lemonldap::NG::Portal::Lib::SAML;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_CONFIRM PE_CONFIRM
PE_LOGOUT_OK PE_LOGOUT_OK
...@@ -1431,11 +1432,8 @@ sub getIDP { ...@@ -1431,11 +1432,8 @@ sub getIDP {
my $cdc_reader_url = $self->conf->{samlCommonDomainCookieReader}; my $cdc_reader_url = $self->conf->{samlCommonDomainCookieReader};
$cdc_reader_url .= ( $cdc_reader_url .= ( $cdc_reader_url =~ /\?/ ? '&' : '?' )
$self->conf->{samlCommonDomainCookieReader} =~ /\?/ . build_urlencoded( url => $return_url );
? '&u->confrl=' . $return_url
: '?url=' . $return_url
);
$self->logger->debug("Redirect user to $cdc_reader_url"); $self->logger->debug("Redirect user to $cdc_reader_url");
......
...@@ -8,6 +8,7 @@ package Lemonldap::NG::Portal::CDC; ...@@ -8,6 +8,7 @@ package Lemonldap::NG::Portal::CDC;
use strict; use strict;
use Mouse; use Mouse;
use MIME::Base64; use MIME::Base64;
use Lemonldap::NG::Common::FormEncode;
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
...@@ -153,9 +154,12 @@ sub handler { ...@@ -153,9 +154,12 @@ sub handler {
$urldc .= ( $urldc .= (
$cdc_idp $cdc_idp
? ( ? (
$urldc =~ /\?/ (
? ( $self->{oldStyleUrl} ? '&' : ';' ) . 'idp=' . $cdc_idp $urldc =~ /\?/
: '?idp=' . $cdc_idp ? ( $self->{oldStyleUrl} ? '&' : ';' )
: '?'
)
. build_urlencoded( idp => $cdc_idp )
) )
: '' : ''
); );
......
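Review bot: The separator selection in the `$urldc .= (` statement now nests a ternary inside a ternary inside a third one, which is hard to read and to verify at a glance. Choosing the separator first in a named variable is equivalent and reads in one pass: `my $sep = $urldc !~ /\?/ ? '?' : $self->{oldStyleUrl} ? '&' : ';';` followed by `$urldc .= $sep . build_urlencoded( idp => $cdc_idp ) if $cdc_idp;`. handler's body continues outside the hunk.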
...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::CAS; ...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::CAS;
use strict; use strict;
use Mouse; use Mouse;
use URI; use URI;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_CAS_SERVICE_NOT_ALLOWED PE_CAS_SERVICE_NOT_ALLOWED
PE_CONFIRM PE_CONFIRM
...@@ -215,11 +216,8 @@ sub run { ...@@ -215,11 +216,8 @@ sub run {
# Redirect to service # Redirect to service
my $service_url = $service; my $service_url = $service;
$service_url .= ( $service_url .= ( $service =~ /\?/ ? '&' : '?' )
$service =~ /\?/ . build_urlencoded( ticket => $casServiceTicket );
? '&ticket=' . $casServiceTicket
: '?ticket=' . $casServiceTicket
);
$self->logger->debug("Redirect user to $service_url"); $self->logger->debug("Redirect user to $service_url");
......
...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::Get; ...@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::Get;
use strict; use strict;
use Mouse; use Mouse;
use URI::Escape; use URI::Escape;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL); use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL);
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
...@@ -50,7 +51,7 @@ sub computeGetParams { ...@@ -50,7 +51,7 @@ sub computeGetParams {
my ( $self, $req ) = @_; my ( $self, $req ) = @_;
# Additional GET variables # Additional GET variables
my @getPrms; my %getPrms;
if ( exists $self->conf->{issuerDBGetParameters} ) { if ( exists $self->conf->{issuerDBGetParameters} ) {
unless ( $req->urldc =~ m#^https?://([^/]+)# ) { unless ( $req->urldc =~ m#^https?://([^/]+)# ) {
$self->logger->error("Malformed url $req->urldc"); $self->logger->error("Malformed url $req->urldc");
...@@ -63,22 +64,16 @@ sub computeGetParams { ...@@ -63,22 +64,16 @@ sub computeGetParams {
return ''; return '';
} }
foreach my $param ( keys %$prms ) { foreach my $param ( keys %$prms ) {
my $value = my $value = $req->{sessionInfo}->{ $prms->{$param} };
eval { uri_escape( $req->{sessionInfo}->{ $prms->{$param} } ) };
if ($@) {
$self->logger->error(
"IssuerGet: unable to compute $param ($@)");
return;
}
$value =~ s/[\r\n\t]//; $value =~ s/[\r\n\t]//;
push @getPrms, "$param=$value"; $getPrms{$param} = $value;
} }
} }
else { else {
$self->logger->warn("IssuerGet: no configuration"); $self->logger->warn("IssuerGet: no configuration");
return; return;
} }
my $getVars = join '&', @getPrms; my $getVars = build_urlencoded(%getPrms);
# If there are some GET variables to send # If there are some GET variables to send
# Add them to URL string # Add them to URL string
......
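Review bot: `$value =~ s/[\r\n\t]//;` inside the `foreach my $param` loop has no `/g`, so only the first CR, LF or tab in a session attribute is removed and any later ones reach `%getPrms`; now that `build_urlencoded` encodes the value they no longer break the query string, but if the intent is to strip them all the line should read `$value =~ s/[\r\n\t]//g;`. The removed `eval` around `uri_escape` also used to absorb an undefined attribute, whereas the new `my $value = $req->{sessionInfo}->{ $prms->{$param} };` feeds it straight into the substitution, which presumably logs an uninitialized-value warning for a missing session key; defaulting it (`// ''`, if the codebase targets 5.10+) or skipping undef entries with `next` would keep the log clean. computeGetParams continues outside the hunk.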
...@@ -306,7 +306,9 @@ sub callPgtUrl { ...@@ -306,7 +306,9 @@ sub callPgtUrl {
# Build URL # Build URL
my $url = my $url =
$pgtUrl . ( $pgtUrl =~ /\?/ ? '&' : '?' ) . "pgtIou=$pgtIou&pgtId=$pgtId"; $pgtUrl
. ( $pgtUrl =~ /\?/ ? '&' : '?' )
. build_urlencoded( pgtIou => $pgtIou, pgtId => $pgtId );
$self->logger->debug("Call URL $url"); $self->logger->debug("Call URL $url");
...@@ -341,12 +343,15 @@ sub validateST { ...@@ -341,12 +343,15 @@ sub validateST {
my $proxy_url; my $proxy_url;
if (%$proxied) { if (%$proxied) {
$proxy_url = $self->p->fullUrl($req); $proxy_url = $self->p->fullUrl($req);
# TODO: @coudot: why die here without any message ?
die if ( $proxy_url =~ /casProxy=1/ ); die if ( $proxy_url =~ /casProxy=1/ );
$proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1'; $proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1';
if ( $self->conf->{authChoiceParam} if ( $self->conf->{authChoiceParam}
and my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) and my $tmp = $req->param( $self->conf->{authChoiceParam} ) )
{ {
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp"; $proxy_url .=
'&' . build_urlencoded( $self->conf->{authChoiceParam} => $tmp );
} }
$self->logger->debug("CAS Proxy URL: $proxy_url"); $self->logger->debug("CAS Proxy URL: $proxy_url");
......
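Review bot: The bare `die if ( $proxy_url =~ /casProxy=1/ );` keeps the behaviour the new TODO line questions: the failure surfaces only as `Died at … line N`, with no indication that the check on the proxied URL is what fired. Giving it a reason costs one line and makes the log actionable, e.g. `die "CAS proxy URL already contains casProxy=1: $proxy_url" if $proxy_url =~ /casProxy=1/;`. Note the match is unanchored, so any parameter whose name ends in `casProxy` also triggers it — presumably acceptable, but worth stating in the comment. validateST continues outside the hunk.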
...@@ -415,8 +415,12 @@ sub check_password { ...@@ -415,8 +415,12 @@ sub check_password {
my $sth = $self->dbh->prepare( my $sth = $self->dbh->prepare(
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql" "SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
); );
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/; if ( $passwordsql =~ /.*\?.*/ ) {
$sth->execute($user) unless $passwordsql =~ /.*\?.*/; $sth->execute( $user, $password );
}
else {
$sth->execute($user);
}
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
......
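Review bot: The placeholder test in the new `if ( $passwordsql =~ /.*\?.*/ )` wraps `\?` in two redundant `.*`, which add nothing over `if ( $passwordsql =~ /\?/ ) {` and make a reader look for a subtlety that is not there; the modifyPassword hunk (`UPDATE $table SET $passwordCol=$passwordsql …`) has the same pattern and should change together with this one. The check also fires on any `?` in `$passwordsql`, including one inside a quoted SQL literal, in which case `$password` is bound to a placeholder that does not exist and `execute` fails inside the `eval`; a comment at the `prepare` call noting that the configured expression must contain exactly one `?` when it expects the password bound would document that contract. check_password's `eval` starts outside the hunk.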
...@@ -5,6 +5,7 @@ use Mouse; ...@@ -5,6 +5,7 @@ use Mouse;
use Lemonldap::NG::Common::Conf::SAML::Metadata; use Lemonldap::NG::Common::Conf::SAML::Metadata;
use Lemonldap::NG::Common::Session; use Lemonldap::NG::Common::Session;
use Lemonldap::NG::Common::UserAgent; use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Common::FormEncode;
use XML::Simple; use XML::Simple;
use MIME::Base64; use MIME::Base64;
use String::Random; use String::Random;
...@@ -2548,7 +2549,10 @@ sub sendLogoutRequestToProvider { ...@@ -2548,7 +2549,10 @@ sub sendLogoutRequestToProvider {
my $relayID = $relayInfos->id; my $relayID = $relayInfos->id;
# Build the URL that could be used to play this logout request # Build the URL that could be used to play this logout request
my $slo_url = $portal . '/saml/relaySingleLogoutPOST?relay=' . $relayID; my $slo_url =
$portal
. '/saml/relaySingleLogoutPOST?'
. build_urlencoded( relay => $relayID );
# Create iFrame # Create iFrame
$info .= $self->loadTemplate( $info .= $self->loadTemplate(
...@@ -2586,7 +2590,9 @@ sub sendLogoutRequestToProvider { ...@@ -2586,7 +2590,9 @@ sub sendLogoutRequestToProvider {
# Build the URL that could be used to play this logout request # Build the URL that could be used to play this logout request
my $slo_url = my $slo_url =
$portal . '/saml/relaySingleLogoutSOAP?relay=' . $relayID; $portal
. '/saml/relaySingleLogoutSOAP?'
. build_urlencoded( relay => $relayID );
# Display information to the user # Display information to the user
$info .= $self->loadTemplate( $info .= $self->loadTemplate(
......
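Review bot: The two `my $slo_url =` assignments in sendLogoutRequestToProvider now differ only in the path segment (`relaySingleLogoutPOST` versus `relaySingleLogoutSOAP`), so a small private helper such as `sub _relay_slo_url { my ( $portal, $binding, $id ) = @_; return "$portal/saml/relaySingleLogout$binding?" . build_urlencoded( relay => $id ); }` would remove the duplication. Neither site guards against `$portal` ending in `/`, which would produce `//saml/…`; the `_redirect` hunk in this same commit strips trailing slashes with `s#/*$##` before appending a path, so the same normalisation is presumably wanted here — confirm how `$portal` is derived, its origin is outside the hunk. Both hunks sit inside sendLogoutRequestToProvider, whose body continues outside them.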
...@@ -11,6 +11,7 @@ use strict; ...@@ -11,6 +11,7 @@ use strict;
use Mouse; use Mouse;
use MIME::Base64; use MIME::Base64;
use IO::String; use IO::String;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK PE_OK
PE_RENEWSESSION PE_RENEWSESSION
...@@ -80,7 +81,8 @@ sub _redirect { ...@@ -80,7 +81,8 @@ sub _redirect {
$ir, '' ); $ir, '' );
$req->{urldc} = $self->conf->{portal}; $req->{urldc} = $self->conf->{portal};
$req->{urldc} =~ s#/*$##; $req->{urldc} =~ s#/*$##;
$req->{urldc} .= $req->path . "?issuerRequest$self->{path}=$ir"; $req->{urldc} .= $req->path . '?'
. build_urlencoded( "issuerRequest$self->{path}" => $ir );
$self->p->setHiddenFormValue( $req, 'issuerUrldc', $req->urldc, '', 0 ); $self->p->setHiddenFormValue( $req, 'issuerUrldc', $req->urldc, '', 0 );
if ( my $t = $req->param( 'issuerRequest' . $self->path ) ) { if ( my $t = $req->param( 'issuerRequest' . $self->path ) ) {
...@@ -162,10 +164,10 @@ qq'<script type="text/javascript" src="$self->{p}->{staticPrefix}/common/js/auto ...@@ -162,10 +164,10 @@ qq'<script type="text/javascript" src="$self->{p}->{staticPrefix}/common/js/auto
if ( $self->conf->{skipRenewConfirmation} ); if ( $self->conf->{skipRenewConfirmation} );
$req->datas->{_url} = encode_base64( $req->datas->{_url} = encode_base64(
$self->conf->{portal} $self->conf->{portal}
. $req->path_info . $req->path_info . '?'
. '?issuerRequest' . build_urlencoded(
. $self->path . '=' "issuerRequest$self->{path}" => $self->storeRequest($req)
. $self->storeRequest($req), ),
'' ''
); );
return PE_RENEWSESSION; return PE_RENEWSESSION;
......
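Review bot: The new key `"issuerRequest$self->{path}"` on the `$req->{urldc} .=` line (and again inside `encode_base64` in the second hunk) reaches into the object hash directly, while the very next statement reads the same parameter as `'issuerRequest' . $self->path` through the accessor; mixing the two invites drift if `path` ever becomes computed or wrapped. Build the key the same way at both sites: `'issuerRequest' . $self->path => $ir`. Both enclosing subs continue outside their hunks.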
...@@ -44,8 +44,12 @@ sub modifyPassword { ...@@ -44,8 +44,12 @@ sub modifyPassword {
eval { eval {
my $sth = $self->dbh->prepare( my $sth = $self->dbh->prepare(
"UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?"); "UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
$sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/; if ( $passwordsql =~ /.*\?.*/ ) {
$sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/; $sth->execute( $pwd, $req->user );
}
else {
$sth->execute( $req->user );
}
}; };
if ($@) { if ($@) {
......
...@@ -4,6 +4,7 @@ use strict; ...@@ -4,6 +4,7 @@ use strict;
use Encode; use Encode;
use Mouse; use Mouse;
use POSIX qw(strftime); use POSIX qw(strftime);
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw( use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS PE_BADCREDENTIALS
PE_BADMAILTOKEN PE_BADMAILTOKEN
...@@ -289,16 +290,18 @@ sub _reset { ...@@ -289,16 +290,18 @@ sub _reset {
# Build confirmation url # Build confirmation url
my $url = my $url =
$self->conf->{mailUrl} $self->conf->{mailUrl} . '?'
. "?mail_token=" . build_urlencoded(
. $req->{id} mail_token => $req->{id},
. '&skin=' skin => $self->p->getSkin($req),
. $self->p->getSkin($req); (
$url .= '&' $req->datas->{_authChoice}
. $self->conf->{authChoiceParam} . '=' ? ( $self->conf->{authChoiceParam} =>
. $req->datas->{_authChoice} $req->datas->{_authChoice} )
if ( $req->datas->{_authChoice} ); : ()
$url .= '&url=' . $req->datas->{_url} if ( $req->datas->{_url} ); ),
( $req->datas->{_url} ? ( url => $req->datas->{_url} ) : () ),
);
# Build mail content # Build mail content
my $tr = $self->translate($req); my $tr = $self->translate($req);
......
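Review bot: The argument list to `build_urlencoded` in the new `my $url =` statement embeds two conditional list expressions of the form `? ( … => … ) : ()`, which is dense to read and easy to unbalance when a parameter is added; the Facebook hunk in this same commit collects the parameters in a `%prm` hash first, and doing the same here keeps the two sites readable and consistent. With a hash the query-parameter order follows hash order rather than the literal order, which presumably does not matter to the page that reads `mail_token` — confirm if anything parses the URL positionally. _reset's body continues outside the hunk.
```perl
# Build confirmation url
my %prm = (
    mail_token => $req->{id},
    skin       => $self->p->getSkin($req),
);
$prm{ $self->conf->{authChoiceParam} } = $req->datas->{_authChoice}
  if $req->datas->{_authChoice};
$prm{url} = $req->datas->{_url} if $req->datas->{_url};
my $url = $self->conf->{mailUrl} . '?' . build_urlencoded(%prm);
# … unchanged: mail content build …
```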