[Bug 22585] New: CAS login link for staff intranet is double-escaped

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] New: CAS login link for staff intranet is double-escaped

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

            Bug ID: 22585
           Summary: CAS login link for staff intranet is double-escaped
 Change sponsored?: ---
           Product: Koha
           Version: 18.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email]
  Target Milestone: ---

Created attachment 87036
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=87036&action=edit
remove double-escape for CAS URL

The return URL that is part of the link to CAS login is double-escaped on the
staff login page.  This means that %3A%2F%2F is converted to %253A%252F%252F.

It appears that this is the same issue as bug 21973 but in the staff intranet
template.  I have attached an identical patch for the intranet auth.tt file.

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Justin Rittenhouse <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Patch complexity|---                         |Trivial patch
             Status|NEW                         |Needs Signoff

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|18.11                       |master
                 CC|                            |[hidden email]-c
                   |                            |ommunity.org
           Severity|enhancement                 |major
           Assignee|[hidden email]-commun |[hidden email]
                   |ity.org                     |

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #1 from Jonathan Druart <[hidden email]> ---
*** Bug 23026 has been marked as a duplicate of this bug. ***

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.koha-community
                   |                            |.org/bugzilla3/show_bug.cgi
                   |                            |?id=21973

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Nick Clemens <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #2 from Nick Clemens <[hidden email]> ---
Created attachment 90376
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90376&action=edit
Bug 22585: remove double-escape for CAS URL

The return URL that is part of the link to CAS login is double-escaped on the
staff login page.

It appears that this is the same issue as bug 21973 but in the staff intranet
template.  I have attached an identical patch for the intranet auth.tt file.

Signed-off-by: Nick Clemens <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Nick Clemens <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #87036|0                           |1
        is obsolete|                            |

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #3 from Katrin Fischer <[hidden email]> ---
With this patch, there remains:

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt:                        
                  <li><a href="[% casServer.value | url %]">

Can you please check if this needs to be changed as well?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #4 from Jonathan Druart <[hidden email]> ---
It comes from:

C4/Auth.pm

1310             foreach my $key ( keys %$casservers ) {
1311                 push @tmplservers, { name => $key, value => login_cas_url(
$query, $key, $type ) . "?cas=$key" };
1312             }

So you are right Katrin, it must not be filtered.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #5 from Nick Clemens <[hidden email]> ---
Created attachment 90456
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90456&action=edit
Bug 22585: (follow-up) Fix additional occurences

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #6 from Jonathan Druart <[hidden email]> ---
This patch is for OPAC and so more a follow-up for bug 21973. But I am not sure
it would make sense to open a third report for it.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] CAS login link for staff intranet is double-escaped

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #7 from Nick Clemens <[hidden email]> ---
(In reply to Jonathan Druart from comment #6)
> This patch is for OPAC and so more a follow-up for bug 21973. But I am not
> sure it would make sense to open a third report for it.

Maybe just retitle this one as "Fix remaning CAS links"?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CAS login link for staff    |Fix remaining
                   |intranet is double-escaped  |double-escaped CAS links
         Depends on|                            |21973
           See Also|https://bugs.koha-community |
                   |.org/bugzilla3/show_bug.cgi |
                   |?id=21973                   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21973
[Bug 21973] CAS URL escaped twice, preventing login
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |Passed QA

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #90376|0                           |1
        is obsolete|                            |

--- Comment #8 from Katrin Fischer <[hidden email]> ---
Created attachment 90554
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90554&action=edit
Bug 22585: remove double-escape for CAS URL

The return URL that is part of the link to CAS login is double-escaped on the
staff login page.

It appears that this is the same issue as bug 21973 but in the staff intranet
template.  I have attached an identical patch for the intranet auth.tt file.

Signed-off-by: Nick Clemens <[hidden email]>

Signed-off-by: Katrin Fischer <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #90456|0                           |1
        is obsolete|                            |

--- Comment #9 from Katrin Fischer <[hidden email]> ---
Created attachment 90555
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90555&action=edit
Bug 22585: (follow-up) Fix additional occurences

Signed-off-by: Katrin Fischer <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Martin Renvoize <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Passed QA                   |Pushed to Master
         Version(s)|                            |19.11.00
        released in|                            |

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

--- Comment #10 from Martin Renvoize <[hidden email]> ---
Nice work!

Pushed to master for 19.11.00

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 22585] Fix remaining double-escaped CAS links

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22585

Fridolin SOMERS <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to Master            |Pushed to Stable
         Version(s)|19.11.00                    |19.11.00,19.05.01
        released in|                            |
                 CC|                            |[hidden email]
                   |                            |m

--- Comment #11 from Fridolin SOMERS <[hidden email]> ---
Pushed to 19.05.x for 19.05.01

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/