Bug #27276 ยป 0001-Remove-the-GET-Parameter-logintype-in-the-given-URL-.patch
| typo3/sysext/openid/sv1/class.tx_openid_sv1.php | ||
|---|---|---|
|
$returnURL = $this->getReturnURL();
|
||
|
$trustedRoot = t3lib_div::getIndpEnv('TYPO3_SITE_URL');
|
||
|
if ($authenticationRequest->shouldSendRedirect()) {
|
||
|
if ($authenticationRequest->shouldSendRedirect()) {
|
||
|
$redirectURL = $authenticationRequest->redirectURL($trustedRoot, $returnURL);
|
||
|
// If the redirect URL can't be built, return. We can only return.
|
||
| ... | ... | |
|
}
|
||
|
/**
|
||
|
* Remove the GET - Parameter logintype in the given URL when the value
|
||
|
* is 'login'. This avoids login loops with OpenID server when login
|
||
|
* via GET request.
|
||
|
*
|
||
|
* @param string $requestURL
|
||
|
* @return string
|
||
|
* @author Markus Kurde <mkurde@icef.com>
|
||
|
* @see getReturnURL
|
||
|
*/
|
||
|
private function _remove_login_type_parameter_from_url($requestURL)
|
||
|
{
|
||
|
$urlParts = parse_url($requestURL);
|
||
|
$urlParts['query'] = t3lib_div::explodeUrl2Array($urlParts['query']);
|
||
|
if ($urlParts['query']['logintype'] == 'login')
|
||
|
{
|
||
|
unset($urlParts['query']['logintype']);
|
||
|
unset($urlParts['query']['user']);
|
||
|
unset($urlParts['query']['pid']);
|
||
|
}
|
||
|
$urlParts['query'] = t3lib_div::implodeArrayForUrl('', $urlParts['query']);
|
||
|
if (function_exists('http_build_url'))
|
||
|
{
|
||
|
return http_build_url($urlParts);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$url = $urlParts['scheme'] . '://' . $urlParts['host'] . $urlParts['path'];
|
||
|
if (!empty($urlParts['query']))
|
||
|
{
|
||
|
$url .= '?' . $urlParts['query'];
|
||
|
}
|
||
|
if (!empty($urlParts['fragment']))
|
||
|
{
|
||
|
$url .= '#' . $urlParts['fragment'];
|
||
|
}
|
||
|
return $url;
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Creates return URL for the OpenID server. When a user is authenticated by
|
||
|
* the OpenID server, the user will be sent to this URL to complete
|
||
|
* authentication process with the current site. We send it to our script.
|
||
| ... | ... | |
|
$requestURL = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
|
||
|
$claimedIdentifier = $this->loginData['uname'];
|
||
|
}
|
||
|
$requestURL = $this->_remove_login_type_parameter_from_url($requestURL);
|
||
|
$returnURL .= 'tx_openid_location=' . rawurlencode($requestURL) . '&' .
|
||
|
'tx_openid_mode=finish&' .
|
||
|
'tx_openid_claimed=' . rawurlencode($claimedIdentifier) . '&' .
|
||
| ... | ... | |
|
include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/openid/sv1/class.tx_openid_sv1.php']);
|
||
|
}
|
||
|
?>
|
||
|
?>
|
||