MDL-21802 backporting patch for vulnerability in CAS client library

diff --git a/auth/cas/CAS/client.php b/auth/cas/CAS/client.php
index ca846da..0ce65fd 100644 (file)
--- a/auth/cas/CAS/client.php
+++ b/auth/cas/CAS/client.php
@@ -1994,15 +1994,22 @@ class CASClient
         }
       }
 
-      $final_uri .= strtok($_SERVER['REQUEST_URI'],"?");
-      $cgi_params = '?'.strtok("?");
-      // remove the ticket if present in the CGI parameters
-      $cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
-      $cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
-      $cgi_params = preg_replace('/\?%26/','?',$cgi_params);
-      $cgi_params = preg_replace('/\?&/','?',$cgi_params);
-      $cgi_params = preg_replace('/\?$/','',$cgi_params);
-      $final_uri .= $cgi_params;
+      $baseurl = split("\?", $_SERVER['REQUEST_URI'], 2);
+      $final_uri .= $baseurl[0];
+      $query_string = '';
+      if ($_GET) {
+          $kv = array();
+          foreach ($_GET as $key => $value) {
+              if($key !== "ticket"){
+                  $kv[] = urlencode($key). "=" . urlencode($value);
+              }
+          }
+          $query_string = join("&", $kv);
+      }
+      if($query_string){
+          $final_uri .= "?" . $query_string;
+      }
+
       $this->setURL($final_uri);
     }
     phpCAS::traceEnd($this->_url);

diff --git a/auth/cas/CAS/readme_moodle.txt b/auth/cas/CAS/readme_moodle.txt
new file mode 100644 (file)
index 0000000..a830c39
--- /dev/null
+++ b/auth/cas/CAS/readme_moodle.txt
@@ -0,0 +1,7 @@
+PHP CAS library import
+
+List of changes:
+1/ backported fix for: http://www.ja-sig.org/issues/browse/PHPCAS-52 (MDL-21802) 
+
+
+skodak