From e87abc94997d07dc0d6faca903103cc294610b76 Mon Sep 17 00:00:00 2001
From: Dan Scott <dscott@laurentian.ca>
Date: Sat, 10 Mar 2012 12:36:08 -0500
Subject: [PATCH] TPAC: Teach mkurl() to discard POST params

Unless we explicitly ask for POST params with the "params" argument to
mkurl(), prevent them from propagating. (Can't think of situations when
we would want to propagate a POST param, but we err on the side of
flexibility so...)

Thanks to Thomas Berezansky for suggesting the CGI url_param() method of
filtering POST params.

Signed-off-by: Dan Scott <dscott@laurentian.ca>
---
 Open-ILS/src/templates/opac/parts/header.tt2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Open-ILS/src/templates/opac/parts/header.tt2 b/Open-ILS/src/templates/opac/parts/header.tt2
index 30dbd6def6..5db8139ca0 100644
--- a/Open-ILS/src/templates/opac/parts/header.tt2
+++ b/Open-ILS/src/templates/opac/parts/header.tt2
@@ -57,6 +57,11 @@
         FOR p IN cgi.param;
             val = cgi.param(p);
             IF val == ''; cgi.delete(p); END;
+
+            # Delete POST vars unless we asked for them
+            UNLESS CGI.url_param(p) OR params.defined(p);
+                cgi.delete(p);
+            END;
         END;
 
         IF page;
-- 
2.11.0