WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: Shibboleth] over-escaping the target url (1 post)

  1. ys2n
    Member
    Posted 4 years ago #

    I recently installed version 1.3 of the WordPress plug-in in WordPress MU 2.8.4a.

    I had one major problem which I hacked to overcome:

    When the plug-in redirected to the IDP it constructed target parameters that we "over-escaped". e.g.

    https://mysp.example.com/Shibboleth.sso/Login?target=https%253A%252F%252Fmysp.exaple.com%252Fwp-login.php%253Faction%253Dshibboleth

    Note that %253A is the %3A with the % escaped to %25.

    I fixed the problem by removing the urlencode from line 243 of shibboleth.php where it is constructing the initiator url:

    // $initiator_url = add_query_arg('target', urlencode($target), $initiator_url);
            $initiator_url = add_query_arg('target', $target, $initiator_url);

    Hope this helps,
    yuji
    ----

    http://wordpress.org/extend/plugins/shibboleth/

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags