phpCAS bug in URL parsing second question mark?

Ames, Phillip phillip.ames at uconn.edu
Mon Sep 3 09:57:17 EDT 2007 

Paul,
I believe you actually need to urlencode the URL you are passing as a
parameter.

For instance,
http://www.example.com/index.php?foo=bar

becomes

http%3A%2F%2Fwww.example.com%2Findex.php%3Ffoo%3Dbar

(see PHP's urlencode/urldecode functions)

-Phil

-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Paul Ortman
Sent: Monday, September 03, 2007 9:25 AM
To: Yale CAS mailing list
Subject: phpCAS bug in URL parsing second question mark?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In CASifying a couple of applications we came across a situation where
the URL being sent to the CAS server from the client (which was using
phpCAS-0.5.1-1) was being truncated and not including a couple of
parameters past as part of the original get.  I tracked it down to the
client.php file and made this fix:

- --- source/client.php   2007-07-06 14:53:52.000000000 -0400
+++ /usr/share/php/CAS/client.php       2007-08-31 17:47:54.000000000
-0400
@@ -2047,8 +1984,11 @@
            }
       }

          $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
- -         $cgi_params = '?'.strtok("?");
+         $cgi_params = strstr($_SERVER['REQUEST_URI'],"?");
          // remove the ticket if present in the CGI parameters
          $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
          $cgi_params =
preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);



The complexity we have results from the fact that one of the cgi_params
is itself a full URI that has a GET in it.  As a result, the the line I
changed was only passing on params up to the second '?' in the original
URI.  I simply changed the behavior to make the cgi_params contain
everything in the string from the first '?' to the end of the string.
This was the behavior with the original line in most cases, except those
that contained a second '?'.

Now, my question is, "Was this change really simplistic and foolish?"
Everything we're throwing at it seems to function correctly and it
solves the immediate problems, but it feels like it could introduce some
unexpected behavior.  Any thoughts?

- --
Paul Ortman

PGP Key: 55602C81
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG3AtGfw8KGlVgLIERAlq8AKCK2RyiA9aVYO+wM83LPF+PtbsbGACfYvT+
vbTFbpB7lXO+2Rd/yn1iPk8=
=EeBO
-----END PGP SIGNATURE-----
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

More information about the cas mailing list