Regarding my nested encoded URLs in the querystring use case referenced earlier, I found another issue. After making the changes in UrlUtil, I was redirected back to my account site with the correct URL (https://account/?ret=https%3a%2f%2fcms%2flogin%3fret%3dsecure%252fresource&ticket=ST-Blah). The dotnetcasclient httpmodule then tries to validate and strip the ticket portion from my URL and redirect me back (UrlUtil.RemoveCasArtifactsFromUrl). It creates an EnhancedUriBuilder object with my URL and will eventually call CreateItemsFromQuery to parse the querystring before attempting to remove the ticket values. The generated return URL will be https://account/?ret=https%3a%2f%2fcms%2flogin%3fret. The ticket parameter is removed as intended, but the encoded ret querystring value gets mangled.
I believe the issue is in EnhancedUriBuilder.CreateItemsFromQuery. To split up the querystring, it decodes the querystring, then splits on &, and for each of those values splits again on = to generate a set of key/value pairs. Unfortunately, one of my querystring parameters includes an encoded =. Since CreateItemsFromQuery decodes before splitting, this encoded value turns into a meaningful value that gets processed by the splitting logic, mangling the querystring. I believe the decode is incorrect there; it is provided a raw decoded URL to work with. Removing the decode also makes the encode when generating the key/value pairs unnecessary, since the querystring values will still be encoded. The only problem would be if EnhancedUriBuilder was meant to be given an encoded URL to work with initially, but that did not seem to be the case when going through the CasAuthentication.ProcessTicketValidation use case, nor in any other case I noticed.

If I have misunderstood this component's purpose or intent, or if there are any other noticeable issues, please let me know.

Thanks.
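Added example, not part of the original message and not the dotnetcasclient source: a minimal C# model of the two parsing orders discussed above, run on the query string quoted in the message and on one constructed input whose nested URL carries its own encoded & and ticket. The class and method names are hypothetical, and System.Web.HttpUtility is assumed as the encoder/decoder.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.UrlDecode / HttpUtility.UrlEncode

static class QueryArtifactDemo
{
    // Decode, then split: the order the message attributes to CreateItemsFromQuery.
    // An encoded '=' or '&' inside a value becomes a live delimiter after decoding.
    public static string RemoveDecodeFirst(string query, string name)
    {
        var kept = new List<string>();
        foreach (string pair in HttpUtility.UrlDecode(query).Split('&'))
        {
            if (pair.Length == 0) continue;
            string[] kv = pair.Split('=');            // extra '=' yields extra fields
            if (kv[0] == name) continue;              // drop the CAS artifact
            string value = kv.Length > 1 ? kv[1] : "";
            kept.Add(HttpUtility.UrlEncode(kv[0]) + "=" + HttpUtility.UrlEncode(value));
        }
        return string.Join("&", kept);
    }

    // Split on the raw delimiters, decode only the key for the comparison,
    // and pass every surviving pair through byte-for-byte (no re-encoding).
    public static string RemoveSplitFirst(string query, string name)
    {
        var kept = new List<string>();
        foreach (string pair in query.Split('&'))
        {
            if (pair.Length == 0) continue;
            int eq = pair.IndexOf('=');               // first raw '=' ends the key
            string rawKey = eq < 0 ? pair : pair.Substring(0, eq);
            if (HttpUtility.UrlDecode(rawKey) == name) continue;
            kept.Add(pair);
        }
        return string.Join("&", kept);
    }

    static void Main()
    {
        string[] samples =
        {
            // Query string of the URL quoted in the message.
            "ret=https%3a%2f%2fcms%2flogin%3fret%3dsecure%252fresource&ticket=ST-Blah",
            // Constructed sample: the nested URL has its own encoded '&' and 'ticket'.
            "ret=https%3a%2f%2fcms%2f%3fa%3d1%26ticket%3dinner&ticket=ST-Blah"
        };
        foreach (string q in samples)
        {
            Console.WriteLine("input:        " + q);
            Console.WriteLine("decode first: " + RemoveDecodeFirst(q, "ticket"));
            Console.WriteLine("split first:  " + RemoveSplitFirst(q, "ticket"));
        }
    }
}
```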