From 4a34d78093052fde921d5c73ba96673515441b8b Mon Sep 17 00:00:00 2001
From: Dan Scott <dscott@laurentian.ca>
Date: Sat, 10 Mar 2012 12:36:08 -0500
Subject: [PATCH] TPAC: Teach mkurl() to discard POST params

Unless we explicitly ask for POST params with the "params" argument to
mkurl(), prevent them from propagating. (Can't think of situations when
we would want to propagate a POST param, but we err on the side of
flexibility so...)

Thanks to Thomas Berezansky for suggesting the CGI url_param() method of
filtering POST params.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
---
 Open-ILS/src/templates/opac/parts/header.tt2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2
index 30dbd6def6..5db8139ca0 100644
--- a/Open-ILS/src/templates/opac/parts/header.tt2
+++ b/Open-ILS/src/templates/opac/parts/header.tt2
@@ -57,6 +57,11 @@
         FOR p IN cgi.param;
             val = cgi.param(p);
             IF val == ''; cgi.delete(p); END;
+
+            # Delete POST vars unless we asked for them
+            UNLESS CGI.url_param(p) OR params.defined(p);
+                cgi.delete(p);
+            END;
         END;
 
         IF page;
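Review bot: The added test `UNLESS CGI.url_param(p) OR params.defined(p);` spells the object `CGI`, while every other line of this loop uses lowercase `cgi` (`cgi.param`, `cgi.delete`). Template Toolkit variable names are case-sensitive, so unless `CGI` is bound to the same request object elsewhere in header.tt2 (not visible in this hunk), the query-string check and the delete may be acting on different objects, or the check may always be false. Please use one spelling throughout, or add a comment saying where `CGI` comes from. Separately, `CGI.url_param(p)` is tested for truth rather than for presence, so a parameter that really is in the query string with the value `0` would be treated as POST-only and deleted; a presence test would be safer. A short comment on why POST values must not reach mkurl() output (they would otherwise be copied into generated links) would also help future readers keep the filter in place.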
-- 
2.11.0