From 32d7f46b1a4fc8c04716fde84b15737a8c5bb541 Mon Sep 17 00:00:00 2001
From: Christophe Maudoux <chrmdx@gmail.com>
Date: Sat, 18 Jan 2020 18:58:42 +0100
Subject: [PATCH] Better fix (#2061)

---
 .../lib/Lemonldap/NG/Portal/Main/Process.pm                | 4 ++--
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm    | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
index 62560d2cd..902353259 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm
@@ -140,8 +140,8 @@ sub controlUrl {
 
         $req->env->{urldc}  = $req->{urldc};
         $req->env->{_url}   = $req->{_url};
-        $req->data->{_url}  = $url;
-        $req->pdata->{_url} = $url;
+        $req->data->{_url}  = encode_base64($req->{urldc},''); # Avoid \n or \n
+        $req->pdata->{_url} = encode_base64($req->{urldc},''); # Same here
     }
     PE_OK;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 438f08507..181185750 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -56,13 +56,12 @@ sub handler {
     my $res = $self->Lemonldap::NG::Common::PSGI::Router::handler($req);
 
     # Avoid permanent loop 'Portal <-> _url' if pdata cookie is not removed
-    my $url64 = encode_base64( $req->userData->{_url}, '' )
-      if $req->userData->{_url};
-    if (    $url64
+    if (    $req->userData->{_url}
         and !$req->pdata->{keepPdata}
         and $req->userData->{_session_id}
         and $req->{env}->{HTTP_COOKIE}
-        and $req->{env}->{HTTP_COOKIE} =~ /$url64/ )
+        and $req->{env}->{HTTP_COOKIE} eq
+        encode_base64( $req->userData->{_url}, '' ) )
     {
         $self->logger->info("Force cleaning pdata");
         $self->logger->warn("pdata cookie domain must be set")