Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Can't use '?' in authentication url

tfotistfotis
edited May 2012 in Vanilla 2.0 - 2.8

Hi,

i found a bug in jsConnect, but couldn't find a proper place to report it, so i am posting it here. sorry if this is inappropriate.

if my authentication url includes an '?', the url built to handle the authentication is invalid.

for example let's say that the authentication url is http://www.example.com/index.php?module=Vanilla&func=authenticate. Then, jsConnect will append it's parameters without checking if the authentication url already has a '?'. The resulting url will be something like http://www.example.com/index.php?module=Vanilla&func=authenticate?client_id=XXX&timestamp=XXX&signature=XXX&Target=%2Fsettings%2Fjsconnect (notice the 2 question marks?)

my suggestion is to add a check if the authentication url has a question mark, if it does, then append '&' else append '?'.

thanks for looking and great job on the jsConnect plugin

Thanasis

Answers

Sign In or Register to comment.