From: Dan Scott <dscott@laurentian.ca>
Date: Sat, 10 Mar 2012 17:36:08 +0000 (-0500)
Subject: TPAC: Teach mkurl() to discard POST params
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=4a34d78093052fde921d5c73ba96673515441b8b;p=evergreen%2Fpines.git

TPAC: Teach mkurl() to discard POST params

Unless we explicitly ask for POST params with the "params" argument to
mkurl(), prevent them from propagating. (Can't think of situations when
we would want to propagate a POST param, but we err on the side of
flexibility so...)

Thanks to Thomas Berezansky for suggesting the CGI url_param() method of
filtering POST params.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
---

diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2
index 30dbd6def6..5db8139ca0 100644
--- a/Open-ILS/src/templates/opac/parts/header.tt2
+++ b/Open-ILS/src/templates/opac/parts/header.tt2
@@ -57,6 +57,11 @@
         FOR p IN cgi.param;
             val = cgi.param(p);
             IF val == ''; cgi.delete(p); END;
+
+            # Delete POST vars unless we asked for them
+            UNLESS CGI.url_param(p) OR params.defined(p);
+                cgi.delete(p);
+            END;
         END;
 
         IF page;