X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fauth.php;h=0d09dceffe181aa7defa45207c4eecd582db14f6;hb=48dba8feba7c3653a925aab5273fc30a6c257240;hp=0d9e12b904e75a1dc85b311d1cefd541447d7a72;hpb=b271177d4412bfb5d1474f7d2d1ef0990e65addd;p=platal.git

diff --git a/modules/auth.php b/modules/auth.php
index 0d9e12b..0d09dce 100644
--- a/modules/auth.php
+++ b/modules/auth.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2011 Polytechnique.org                              *
+ *  Copyright (C) 2003-2014 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -118,11 +118,11 @@ class AuthModule extends PLModule
      */
     function handler_groupex($page, $charset = 'utf8')
     {
-        $gpex_url = urldecode(Get::s('url'));
+        $ext_url = urldecode(Get::s('url'));
 
         if (!S::logged()) {
             $page->assign('external_auth', true);
-            $page->assign('gpex_url', $gpex_url);
+            $page->assign('ext_url', $ext_url);
             $page->setTitle('Authentification');
             $page->setDefaultSkin('group_login');
 
@@ -134,6 +134,8 @@ class AuthModule extends PLModule
             } else {
                 $page->assign('group', null);
             }
+            // Add a P3P header for compatibility with IE in iFrames (http://www.w3.org/TR/P3P11/#compact_policies)
+            header('P3P: CP="CAO COR CURa ADMa DEVa OUR IND PHY ONL COM NAV DEM CNT STA PRE"');
             return PL_DO_AUTH;
         }
 
@@ -145,16 +147,16 @@ class AuthModule extends PLModule
 
         $gpex_pass = Get::s('pass');
         if (Get::has('session')) {
-            if (strpos($gpex_url, '?') === false) {
-                $gpex_url .= "?PHPSESSID=" . Get::s('session');
+            if (strpos($ext_url, '?') === false) {
+                $ext_url .= "?PHPSESSID=" . Get::s('session');
             } else {
-                $gpex_url .= "&PHPSESSID=" . Get::s('session');
+                $ext_url .= "&PHPSESSID=" . Get::s('session');
             }
         }
 
         // Normalize the return URL.
-        if (!preg_match("/^(http|https):\/\/.*/",$gpex_url)) {
-            $gpex_url = "http://$gpex_url";
+        if (!preg_match("/^(http|https):\/\/.*/",$ext_url)) {
+            $ext_url = "http://$ext_url";
         }
         $gpex_challenge = Get::s('challenge');
 
@@ -187,8 +189,8 @@ class AuthModule extends PLModule
                 // We check that the return url matches a per-key regexp to prevent
                 // replay attacks (more exactly to force replay attacks to redirect
                 // the user to the real GroupeX website, which defeats the attack).
-                if (empty($returnurls) || @preg_match($returnurls, $gpex_url)) {
-                    $returl = $gpex_url . gpex_make_params($gpex_challenge, $privkey, $datafields, $charset);
+                if (empty($returnurls) || @preg_match($returnurls, $ext_url)) {
+                    $returl = $ext_url . gpex_make_params($gpex_challenge, $privkey, $datafields, $charset);
                     XDB::execute('UPDATE  group_auth
                                      SET  last_used = DATE(NOW())
                                    WHERE  name = {?}',
@@ -260,5 +262,5 @@ class AuthModule extends PLModule
     }
 }
 
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
 ?>