From 985bdc2509b639ee441d6a6a18056bf6c3ecd9d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Sat, 27 Dec 2008 11:00:45 +0000
Subject: [PATCH] LEMONLDAP::NG : don't test url if direct access to portal

---
 modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index bac150eec..00046afef 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -373,6 +373,7 @@ sub notification {
 # check url against XSS attacks
 sub get_url {
     my ($self) = @_;
+    return unless $self->param('url');
     return if ( $self->param('url') =~ m#[^A-Za-z0-9\+/=]# );
     return $self->param('url');
 }