TPAC: Teach mkurl() to discard POST params

Unless we explicitly ask for POST params with the "params" argument to
mkurl(), prevent them from propagating. (Can't think of situations when
we would want to propagate a POST param, but we err on the side of
flexibility so...)

Thanks to Thomas Berezansky for suggesting the CGI url_param() method of
filtering POST params.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>

diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2
index 30dbd6d..5db8139 100644 (file)
--- a/Open-ILS/src/templates/opac/parts/header.tt2
+++ b/Open-ILS/src/templates/opac/parts/header.tt2
@@ -57,6 +57,11 @@
         FOR p IN cgi.param;
             val = cgi.param(p);
             IF val == ''; cgi.delete(p); END;
+
+            # Delete POST vars unless we asked for them
+            UNLESS CGI.url_param(p) OR params.defined(p);
+                cgi.delete(p);
+            END;
         END;
 
         IF page;