Login Landing Page (Services URL) broken

Hi,
I think i’ve made a bug in last commit. Please uncomment line which encode URL in wp_cassify_encode_query_in_url function located in WP_cassify_utils.php.
Sorry, i can’t commit today but i will push new release tomorrow.

Best regards.

Hi,
Bug is fixed by last release.
Best regards.

Unfortunately I have to report other error on this landing link.
Now The query parameter is present, but wrong. One = is attached on the value of variable.
On the example start from:

<a href="https://xxxx.com/wp-admin/tools.php?page=log_viewer_files_view#L_up">TestMe</a> 

is changed in:

https://xxxx.com/cas/login?service=https://xxxx.com/wp-admin/tools.php?page%3Dlog_viewer_files_view=#L_up

with the = check it:
page%3Dlog_viewer_files_view=#L_up

• This reply was modified 7 years, 8 months ago by Odyno.
• This reply was modified 7 years, 8 months ago by Odyno.

Have you find how to fix the problem, i have the same, a “=” come at the end of get variable. Without get there is no problem. But when there is a get, wp-cassify put a = at the end, ans i have a “CAS athentification failed”.

I had to make a few changes to solve the ‘=’ issue and the other ones related to it (“CAS athentification failed”, and so on).

1. Wrong encoding: In wp_cassify_encode_query_in_url function located in WP_cassify_utils.php, rawurlencode() can’t be around the parse_url(), it will convert ‘=’ and ‘&’ and then parse_str() will not be able to split correctly each query param. Adding rawurlencode() only when $query_encoded_url is defined removes the extra ‘=’.
2. Redirecting encoded url: Since the new url is now fully encoded and it’s also returned encoded, I needed to add a new else if in wp_cassify_redirect_url function to check if the decoded URL was valid else if ( filter_var( urldecode( $redirect_url ), FILTER_VALIDATE_URL ) ).
3. Replacing &: Checking the redirect flow, I also found that wordpress was replacing ‘&’ for ‘&’ during the process, which is not considered in parse_url() and parse_str() correctly. So to make sure the url was correct I added to wp_cassify_extract_get_parameter $url = str_replace( '&', '&', $url ); before parse_url() and $get_parameter_value = str_replace( '&', '&', $get_parameter_value ); before the return.
4. Enconding service URL grabbing service ticket: Another problem I had was that the service url was not being encoded corretly when calling the serviceValidate url, resulting in the “CAS athentification failed” error also mentioned above. To fix this, in function wp_cassify_grab_service_ticket located in WP_cassify_plugin.php, right before the $service_validate_url definition, I added `if ( parse_url( $service_url, PHP_URL_QUERY ) ) {
   $service_url = WP_Cassify_Utils::wp_cassify_encode_query_in_url( $service_url );
   }used inwp_cassify_redirect`.

Hope it helps.

??

• This reply was modified 7 years, 4 months ago by koizuminana.

Just fixing a note in the previous comment in point 3.
“wordpress was replacing ‘&’ for ‘& #038;'”
and
“str_replace( ‘& #038;’, ‘&’,”

without the space between ‘&’ and ‘#038;’.