Escape values in URI (#1025)

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBGet.pm

@@ -9,9 +9,10 @@ package Lemonldap::NG::Portal::IssuerDBGet;
 use strict;
 use Lemonldap::NG::Portal::Simple;
 use MIME::Base64;
+use URI::Escape;
 use base qw(Lemonldap::NG::Portal::_LibAccess);
 
-our $VERSION = '1.9.3';
+our $VERSION = '2.0.0';
 
 ## @method void issuerDBInit()
 # Nothing to do
@@ -74,7 +75,6 @@ sub issuerForUnAuthUser {
     return PE_OK;
 }
 
-
 ## @apmethod int issuerForAuthUser()
 # Manage Get request for authenticated user
 # @return Lemonldap::NG::Portal error code
@@ -170,6 +170,7 @@ sub computeGetParams {
     if ( exists $self->{issuerDBGetParameters} ) {
         my $issuerDBGetParameters = $self->{issuerDBGetParameters};
         foreach my $vhost ( keys %$issuerDBGetParameters ) {
+
             # if vhost is matching
             if ( index( $self->{urldc}, $vhost ) != -1 ) {
                 my $params = $issuerDBGetParameters->{$vhost};
@@ -184,8 +185,10 @@ sub computeGetParams {
                     $value = eval($val);
                     $self->lmLog( "Error while evaluating $val: $@", 'warn' )
                       if $@;
+
                     # Chain GET parameters unless there are evaluation errors
-            $getVars .= "&".$param."=".$value unless $@;
+                    $getVars .= "&" . $param . "=" . uri_escape($value)
+                      unless $@;
                 }
             }
         }
@@ -198,10 +201,13 @@ sub computeGetParams {
     if ( $getVars ne "" ) {
         my $urldc = $self->{urldc};
 
-      $urldc .= ( $urldc =~ /\?\w/ ) ?
+        $urldc .= ( $urldc =~ /\?\w/ )
+          ?
+
           # there are already get variables
           "&" . $getVars
           :
+
           # there are no get variables
           "?" . $getVars;
         $self->{urldc} = $urldc;
@@ -209,7 +215,6 @@ sub computeGetParams {
 
 }
 
-
 sub substitute {
     my $expr = shift;
 
@@ -224,10 +229,6 @@ sub substitute {
     return $expr;
 }
 
-
-
-
-
 1;
 
 __END__