Commit 735b1d1c authored by IKEDA Soji's avatar IKEDA Soji

Fix: CAS negotiation can be messed via query parameter.

parent 76c47461
......@@ -1326,13 +1326,9 @@ while ($query = Sympa::WWW::FastCGI->new) {
"CAS ticket is detected. in{'ticket'}=$in{'ticket'} checked_cas=$session->{'checked_cas'}"
);
 
my $cas_id = '';
if ($in{'checked_cas'} =~ /^(\d+)\,?/) {
$cas_id = $1;
} elsif ($session->{'checked_cas'} =~ /^(\d+)\,?/) {
$cas_id = $1;
}
if ($cas_id ne '') {
#XXXif ($in{'checked_cas'} =~ /^(\d+)\,?/ or # no longer available
if (($session->{'checked_cas'} // '') =~ /^(\d+)\,?/) {
my $cas_id = $1;
 
my $ticket = $in{'ticket'};
my $cas_server =
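Review bot: The commented-out `#XXXif ($in{'checked_cas'} ...` line leaves dead code where the security rationale should be recorded. I would replace it with a why-comment such as `# Take the CAS server index from the session only; a client-supplied checked_cas must never choose which CAS server validates the ticket.` The debug message on the context line above still interpolates `$session->{'checked_cas'}` without the `// ''` guard the new condition uses, so the undefined case would presumably still raise a warning there. That message also writes the raw `$in{'ticket'}` value to the log, which is worth confirming as intended. The enclosing `while` loop and the body of this `if` continue outside the hunk, so what happens when the session holds no CAS index cannot be checked from here.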
......