Don t send params with GET method (#2081)

2020-02-07 21:39:58 +01:00 · 2020-02-07 21:39:58 +01:00 · dd9e849b3e
commit dd9e849b3e
parent b879f318a0
3 changed files with 15 additions and 7 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@ -2,7 +2,7 @@
 # Display functions for LemonLDAP::NG Portal
 package Lemonldap::NG::Portal::Main::Display;

-our $VERSION = '2.0.7';
+our $VERSION = '2.0.8';

 package Lemonldap::NG::Portal::Main;
 use strict;
@ -122,6 +122,7 @@ sub display {

    # 1.3 There is a message to display
    elsif ( my $info = $req->info ) {
+        my $method = $req->data->{infoFormMethod} || $self->conf->{infoFormMethod};
        $self->logger->debug('Display: info detected');
        $self->logger->debug('Hidden values :');
        $self->logger->debug( " $_: " . $req->{portalHiddenFormValues}->{$_} )
@ -138,8 +139,11 @@ sub display {
            ACTIVE_TIMER    => $req->data->{activeTimer},
            CHOICE_PARAM    => $self->conf->{authChoiceParam},
            CHOICE_VALUE    => $req->data->{_authChoice},
-            FORM_METHOD     => $req->data->{infoFormMethod}
-              || $self->conf->{infoFormMethod},
+            FORM_METHOD     => $method,
+            (
+                $method ne 'get' ? ( SEND_PARAMS => 1 )
+                : ()
+            ),
            (
                $req->data->{customScript}
                ? ( CUSTOM_SCRIPT => $req->data->{customScript} )
@ -507,7 +511,6 @@ sub buildHiddenForm {
 # TODO: create property for skinRule
 sub getSkin {
    my ( $self, $req ) = @_;
-
    my $skin = $self->conf->{portalSkin};

    # Fill sessionInfo to eval rule if empty (unauthenticated user)
--- a/lemonldap-ng-portal/site/templates/bootstrap/info.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/info.tpl
@ -7,7 +7,9 @@
    <TMPL_IF NAME="CHOICE_VALUE">
      <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
    </TMPL_IF>
-    <input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
+    <TMPL_IF NAME="SEND_PARAMS">
+      <input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
+    </TMPL_IF>
    <div class="card border-info">
      <div class="card-header text-white bg-info">
        <h3 class="card-title" trspan="info">Information</h3>
--- a/lemonldap-ng-portal/t/62-SingleSession.t
+++ b/lemonldap-ng-portal/t/62-SingleSession.t
@ -34,11 +34,14 @@ ok(
    $res = $client->_post(
        '/',
        IO::String->new('user=dwho&password=dwho'),
-        length => 23
+        length => 23,
+        accept => 'text/html',
    ),
    'Auth query'
 );
-count(1);
+ok( $res->[2]->[0] !~ m%<input type="hidden" name="skin" value="bootstrap" />%, '"skin=bootstrap" input not found' )
+  or explain( $res->[2]->[0], '"skin=bootstrap" found' );
+count(2);
 expectOK($res);
 my $id2 = expectCookie($res);