Commit 8596b339 authored by Xavier Guimard's avatar Xavier Guimard

Use build_urlencoded everywhere (#1461)

parent 4246c5f2
......@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::Facebook;
use strict;
use Mouse;
use URI::Escape;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_ERROR PE_BADCREDENTIALS);
use utf8;
......@@ -160,14 +161,17 @@ sub fb {
my $fb;
my $sep = '?';
my $ret = $conf->{portal};
my %prm;
foreach my $v ( [ $req->datas->{_url}, "url" ],
[ $req->param( $conf->{authChoiceParam} ), $conf->{authChoiceParam} ] )
{
if ( $v->[0] ) {
$ret .= "$sep$v->[1]=$v->[0]";
$sep = '&';
$prm{ $v->[1] } = $v->[0];
}
}
if (%prm) {
$ret .= '?' . build_urlencoded(%prm);
}
eval {
$fb = Net::Facebook::Oauth2->new(
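Review bot: Passing `%prm` to `build_urlencoded` makes the parameter order depend on Perl's hash ordering, which is not stable between processes. If `$ret` is the OAuth callback handed to `Net::Facebook::Oauth2->new` (the call is cut off at the end of this hunk), the authorization step and the token exchange could produce different redirect strings and the provider would reject the exchange. Collecting the pairs in an array keeps the order fixed: `push @prm, $v->[1] => $v->[0];` in the loop and `$ret .= '?' . build_urlencoded(@prm) if @prm;` after it. This assumes `build_urlencoded` emits pairs in the order given, which is worth confirming in `Lemonldap::NG::Common::FormEncode`.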
......
......@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::SAML;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Lib::SAML;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_CONFIRM
PE_LOGOUT_OK
......@@ -1431,11 +1432,8 @@ sub getIDP {
my $cdc_reader_url = $self->conf->{samlCommonDomainCookieReader};
$cdc_reader_url .= (
$self->conf->{samlCommonDomainCookieReader} =~ /\?/
? '&u->confrl=' . $return_url
: '?url=' . $return_url
);
$cdc_reader_url .= ( $cdc_reader_url =~ /\?/ ? '&' : '?' )
. build_urlencoded( url => $return_url );
$self->logger->debug("Redirect user to $cdc_reader_url");
......
......@@ -8,6 +8,7 @@ package Lemonldap::NG::Portal::CDC;
use strict;
use Mouse;
use MIME::Base64;
use Lemonldap::NG::Common::FormEncode;
our $VERSION = '2.0.0';
......@@ -153,9 +154,12 @@ sub handler {
$urldc .= (
$cdc_idp
? (
$urldc =~ /\?/
? ( $self->{oldStyleUrl} ? '&' : ';' ) . 'idp=' . $cdc_idp
: '?idp=' . $cdc_idp
(
$urldc =~ /\?/
? ( $self->{oldStyleUrl} ? '&' : ';' )
: '?'
)
. build_urlencoded( idp => $cdc_idp )
)
: ''
);
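Review bot: The separator choice in `handler` is now a ternary nested inside another ternary inside a concatenation, which is hard to verify by eye. Computing it first reads better: `my $sep = $urldc =~ /\?/ ? ( $self->{oldStyleUrl} ? '&' : ';' ) : '?';` followed by `$urldc .= $sep . build_urlencoded( idp => $cdc_idp ) if $cdc_idp;`. The rest of `handler` lies outside the hunk.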
......
......@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::CAS;
use strict;
use Mouse;
use URI;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_CAS_SERVICE_NOT_ALLOWED
PE_CONFIRM
......@@ -215,11 +216,8 @@ sub run {
# Redirect to service
my $service_url = $service;
$service_url .= (
$service =~ /\?/
? '&ticket=' . $casServiceTicket
: '?ticket=' . $casServiceTicket
);
$service_url .= ( $service =~ /\?/ ? '&' : '?' )
. build_urlencoded( ticket => $casServiceTicket );
$self->logger->debug("Redirect user to $service_url");
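Review bot: The debug line right after the new concatenation in `run` writes the complete `$service_url`, including the freshly issued service ticket, to the log. The same pattern appears in `callPgtUrl`, where `"Call URL $url"` records `pgtId` and `pgtIou`; a proxy-granting ticket is a reusable credential, so log readers should not be able to recover it. Logging the URL without the appended query avoids this, e.g. `$self->logger->debug("Redirect user to $service");` and `$self->logger->debug("Call URL $pgtUrl");`. Both functions continue outside their hunks.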
......
......@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Issuer::Get;
use strict;
use Mouse;
use URI::Escape;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(PE_OK PE_BADURL);
our $VERSION = '2.0.0';
......@@ -50,7 +51,7 @@ sub computeGetParams {
my ( $self, $req ) = @_;
# Additional GET variables
my @getPrms;
my %getPrms;
if ( exists $self->conf->{issuerDBGetParameters} ) {
unless ( $req->urldc =~ m#^https?://([^/]+)# ) {
$self->logger->error("Malformed url $req->urldc");
......@@ -63,22 +64,16 @@ sub computeGetParams {
return '';
}
foreach my $param ( keys %$prms ) {
my $value =
eval { uri_escape( $req->{sessionInfo}->{ $prms->{$param} } ) };
if ($@) {
$self->logger->error(
"IssuerGet: unable to compute $param ($@)");
return;
}
my $value = $req->{sessionInfo}->{ $prms->{$param} };
$value =~ s/[\r\n\t]//;
push @getPrms, "$param=$value";
$getPrms{$param} = $value;
}
}
else {
$self->logger->warn("IssuerGet: no configuration");
return;
}
my $getVars = join '&', @getPrms;
my $getVars = build_urlencoded(%getPrms);
# If there are some GET variables to send
# Add them to URL string
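Review bot: `$value =~ s/[\r\n\t]//;` in `computeGetParams` has no `/g`, so only the first control character is removed; now that `build_urlencoded` percent-encodes the value, the strip is either redundant or should be `$value =~ s/[\r\n\t]//g;`. The `eval` that used to wrap the lookup is gone, so a session attribute that is missing reaches the substitution as undef; `my $value = $req->{sessionInfo}->{ $prms->{$param} } // '';` would avoid an uninitialized-value warning there. Separately, `"Malformed url $req->urldc"` in the first hunk does not call the method inside the string; `'Malformed url ' . $req->urldc` would log the actual URL.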
......
......@@ -306,7 +306,9 @@ sub callPgtUrl {
# Build URL
my $url =
$pgtUrl . ( $pgtUrl =~ /\?/ ? '&' : '?' ) . "pgtIou=$pgtIou&pgtId=$pgtId";
$pgtUrl
. ( $pgtUrl =~ /\?/ ? '&' : '?' )
. build_urlencoded( pgtIou => $pgtIou, pgtId => $pgtId );
$self->logger->debug("Call URL $url");
......@@ -341,12 +343,15 @@ sub validateST {
my $proxy_url;
if (%$proxied) {
$proxy_url = $self->p->fullUrl($req);
# TODO: @coudot: why die here without any message ?
die if ( $proxy_url =~ /casProxy=1/ );
$proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1';
if ( $self->conf->{authChoiceParam}
and my $tmp = $req->param( $self->conf->{authChoiceParam} ) )
{
$proxy_url .= '&' . $self->conf->{authChoiceParam} . "=$tmp";
$proxy_url .=
'&' . build_urlencoded( $self->conf->{authChoiceParam} => $tmp );
}
$self->logger->debug("CAS Proxy URL: $proxy_url");
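Review bot: `die if ( $proxy_url =~ /casProxy=1/ );` in `validateST` still aborts with no message, which the TODO above it acknowledges but does not resolve. Whatever catches it will only see Perl's default "Died" text, which makes the condition hard to recognise in logs. A message such as `die 'casProxy=1 already present in request URL' if $proxy_url =~ /casProxy=1/;` would cover it until the TODO is answered. The match is also unanchored, so any parameter whose name or value contains `casProxy=1` triggers it; whether that matters depends on what the check is meant to detect, which the hunk does not show.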
......
......@@ -415,8 +415,12 @@ sub check_password {
my $sth = $self->dbh->prepare(
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
);
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/;
$sth->execute($user) unless $passwordsql =~ /.*\?.*/;
if ( $passwordsql =~ /.*\?.*/ ) {
$sth->execute( $user, $password );
}
else {
$sth->execute($user);
}
@rows = $sth->fetchrow_array();
};
if ($@) {
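Review bot: The branch on `$passwordsql =~ /.*\?.*/` in `check_password` (and the identical one in `modifyPassword`) only tests whether a `?` occurs somewhere, so it assumes the expression holds exactly one placeholder. An expression with two placeholders would make the bind count wrong and `execute` would fail inside the `eval`. The pattern is equivalent to `/\?/`; counting handles the multi-placeholder case, e.g. `my $n = () = $passwordsql =~ /\?/g;` then `$sth->execute( $user, ($password) x $n );`. `$table`, `$loginCol`, `$passwordCol` and `$passwordsql` are interpolated into the statement text, so they must come only from trusted configuration; their origin is outside the hunk.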
......
......@@ -5,6 +5,7 @@ use Mouse;
use Lemonldap::NG::Common::Conf::SAML::Metadata;
use Lemonldap::NG::Common::Session;
use Lemonldap::NG::Common::UserAgent;
use Lemonldap::NG::Common::FormEncode;
use XML::Simple;
use MIME::Base64;
use String::Random;
......@@ -2548,7 +2549,10 @@ sub sendLogoutRequestToProvider {
my $relayID = $relayInfos->id;
# Build the URL that could be used to play this logout request
my $slo_url = $portal . '/saml/relaySingleLogoutPOST?relay=' . $relayID;
my $slo_url =
$portal
. '/saml/relaySingleLogoutPOST?'
. build_urlencoded( relay => $relayID );
# Create iFrame
$info .= $self->loadTemplate(
......@@ -2586,7 +2590,9 @@ sub sendLogoutRequestToProvider {
# Build the URL that could be used to play this logout request
my $slo_url =
$portal . '/saml/relaySingleLogoutSOAP?relay=' . $relayID;
$portal
. '/saml/relaySingleLogoutSOAP?'
. build_urlencoded( relay => $relayID );
# Display information to the user
$info .= $self->loadTemplate(
......
......@@ -11,6 +11,7 @@ use strict;
use Mouse;
use MIME::Base64;
use IO::String;
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
PE_RENEWSESSION
......@@ -80,7 +81,8 @@ sub _redirect {
$ir, '' );
$req->{urldc} = $self->conf->{portal};
$req->{urldc} =~ s#/*$##;
$req->{urldc} .= $req->path . "?issuerRequest$self->{path}=$ir";
$req->{urldc} .= $req->path . '?'
. build_urlencoded( "issuerRequest$self->{path}" => $ir );
$self->p->setHiddenFormValue( $req, 'issuerUrldc', $req->urldc, '', 0 );
if ( my $t = $req->param( 'issuerRequest' . $self->path ) ) {
......@@ -162,10 +164,10 @@ qq'<script type="text/javascript" src="$self->{p}->{staticPrefix}/common/js/auto
if ( $self->conf->{skipRenewConfirmation} );
$req->datas->{_url} = encode_base64(
$self->conf->{portal}
. $req->path_info
. '?issuerRequest'
. $self->path . '='
. $self->storeRequest($req),
. $req->path_info . '?'
. build_urlencoded(
"issuerRequest$self->{path}" => $self->storeRequest($req)
),
''
);
return PE_RENEWSESSION;
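Review bot: The parameter name is now built as `"issuerRequest$self->{path}"` in both changed places, while the read on the line after the first one still uses `'issuerRequest' . $self->path`. Reading the hash slot directly bypasses the Mouse accessor, so if `path` is lazy or has a builder the two spellings could disagree. Using the accessor once, `my $key = 'issuerRequest' . $self->path;`, and passing `$key => $ir` keeps the written and read names identical.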
......
......@@ -44,8 +44,12 @@ sub modifyPassword {
eval {
my $sth = $self->dbh->prepare(
"UPDATE $table SET $passwordCol=$passwordsql WHERE $userCol=?");
$sth->execute( $pwd, $req->user ) if $passwordsql =~ /.*\?.*/;
$sth->execute( $req->user ) unless $passwordsql =~ /.*\?.*/;
if ( $passwordsql =~ /.*\?.*/ ) {
$sth->execute( $pwd, $req->user );
}
else {
$sth->execute( $req->user );
}
};
if ($@) {
......
......@@ -4,6 +4,7 @@ use strict;
use Encode;
use Mouse;
use POSIX qw(strftime);
use Lemonldap::NG::Common::FormEncode;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_BADCREDENTIALS
PE_BADMAILTOKEN
......@@ -289,16 +290,18 @@ sub _reset {
# Build confirmation url
my $url =
$self->conf->{mailUrl}
. "?mail_token="
. $req->{id}
. '&skin='
. $self->p->getSkin($req);
$url .= '&'
. $self->conf->{authChoiceParam} . '='
. $req->datas->{_authChoice}
if ( $req->datas->{_authChoice} );
$url .= '&url=' . $req->datas->{_url} if ( $req->datas->{_url} );
$self->conf->{mailUrl} . '?'
. build_urlencoded(
mail_token => $req->{id},
skin => $self->p->getSkin($req),
(
$req->datas->{_authChoice}
? ( $self->conf->{authChoiceParam} =>
$req->datas->{_authChoice} )
: ()
),
( $req->datas->{_url} ? ( url => $req->datas->{_url} ) : () ),
);
# Build mail content
my $tr = $self->translate($req);
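Review bot: The confirmation link in `_reset` always joins with `'?'`, whereas the other URL builders changed in this commit test for an existing query first. If `mailUrl` is configured with a query string, the link would contain two `?` and the first emitted parameter would be misparsed, which for `mail_token` breaks the reset link. `$self->conf->{mailUrl} . ( $self->conf->{mailUrl} =~ /\?/ ? '&' : '?' ) . build_urlencoded(...)` matches the pattern used in the CAS and SAML hunks.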
......