--- loncom/auth/lonlogin.pm 2021/09/28 20:47:46 1.186
+++ loncom/auth/lonlogin.pm 2021/10/06 19:28:55 1.188
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Login Screen
#
-# $Id: lonlogin.pm,v 1.186 2021/09/28 20:47:46 raeburn Exp $
+# $Id: lonlogin.pm,v 1.188 2021/10/06 19:28:55 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -38,6 +38,8 @@ use Apache::lonlocal;
use Apache::migrateuser();
use lib '/home/httpd/lib/perl/';
use LONCAPA qw(:DEFAULT :match);
+use URI::Escape;
+use HTML::Entities();
use CGI::Cookie();
sub handler {
@@ -111,7 +113,6 @@ sub handler {
}
my $lonhost = $r->dir_config('lonHostID');
- $env{'form.firsturl'} =~ s/(`)/'/g;
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
@@ -123,7 +124,12 @@ sub handler {
$protocol = 'http' if ($protocol ne 'https');
my $dest = '/adm/roles';
if ($env{'form.firsturl'} ne '') {
- $dest = $env{'form.firsturl'};
+ if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+ $dest = &uri_escape_utf8($env{'form.firsturl'});
+ } else {
+ $dest = &uri_escape($env{'form.firsturl'});
+ }
+ $dest = &HTML::Entities::encode($dest,"'");
}
my %info = (
balcookie => $lonhost.':'.$balancer_cookie,
@@ -141,7 +147,7 @@ sub handler {
}
my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
if ($balancer_token) {
- $dest .= (($dest=~/\?/)?'&;':'?') . 'btoken='.$balancer_token;
+ $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token;
}
unless ($found_server eq $lonhost) {
my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server);
@@ -203,7 +209,12 @@ sub handler {
&Apache::loncommon::end_page();
my $dest = '/adm/roles';
if ($env{'form.firsturl'} ne '') {
- $dest = $env{'form.firsturl'};
+ if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+ $dest = &uri_escape_utf8($env{'form.firsturl'});
+ } else {
+ $dest = &uri_escape($env{'form.firsturl'});
+ }
+ $dest = &HTML::Entities::encode($dest,"'");
}
if (($env{'form.ltoken'}) || ($linkprot)) {
unless ($linkprot) {
@@ -795,15 +806,22 @@ HEADER
if ($samlssourl ne '') {
$ssologin = $samlssourl;
}
+ if ($env{'form.firsturl'} ne '') {
+ my $querystring;
+ if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+ $querystring = &uri_escape_utf8($env{'form.firsturl'});
+ } else {
+ $querystring = &uri_escape($env{'form.firsturl'});
+ }
+ $querystring = &HTML::Entities::encode($querystring,"'");
+ $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
+ }
my $ssohref;
if ($samlssoimg ne '') {
$ssohref = '';
} else {
$ssohref = ''.$samlssotext.'';
}
- if ($env{'form.firsturl'}) {
- $ssologin .= '?origurl='.&HTML::Entities::encode($env{'form.firsturl'},'<>&"');
- }
if (($env{'form.saml'} eq 'no') ||
(($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
$ssoauthstyle = 'none';
@@ -1021,12 +1039,19 @@ sub redirect_page {
}
my $url = $protocol.'://'.$hostname.$path;
if ($env{'form.firsturl'} ne '') {
- $url .='?firsturl='.$env{'form.firsturl'};
+ my $querystring;
+ if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
+ $querystring = &uri_escape_utf8($env{'form.firsturl'});
+ } else {
+ $querystring = &uri_escape($env{'form.firsturl'});
+ }
+ $querystring = &HTML::Entities::encode($querystring,"'");
+ $url .='?firsturl='.$querystring
}
if ($linkprot) {
my $ltoken = &Apache::lonnet::tmpput({linkprot => $linkprot},$desthost);
if ($ltoken) {
- $url .= (($url =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
+ $url .= (($url =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
}
}
my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,