From 027752ab873ef4cce525e95f8186c491df8d3b89 Mon Sep 17 00:00:00 2001
From: Peter Murray
Date: Wed, 18 Sep 2024 08:15:09 -0400
Subject: [PATCH 1/2] Add empty referer check (#3951)
---
 module/VuFind/src/VuFind/Controller/AbstractRecord.php | 3 ++-
 module/VuFind/src/VuFind/Controller/CartController.php | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/module/VuFind/src/VuFind/Controller/AbstractRecord.php b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
index 79d74ad8f7b..aea91f829f9 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractRecord.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
@@ -473,7 +473,8 @@ public function saveAction()
 // by unsetting the followup and relying on default behavior in processSave.
 $referer = $this->getRequest()->getServer()->get('HTTP_REFERER');
 if (
- !str_ends_with($referer, '/Save')
+ !empty($referer)
+ && !str_ends_with($referer, '/Save')
 && stripos($referer, 'MyResearch/EditList/NEW') === false
 && $this->isLocalUrl($referer)
 ) {
diff --git a/module/VuFind/src/VuFind/Controller/CartController.php b/module/VuFind/src/VuFind/Controller/CartController.php
index 8b9ada4f12e..3fbf4b178e2 100644
--- a/module/VuFind/src/VuFind/Controller/CartController.php
+++ b/module/VuFind/src/VuFind/Controller/CartController.php
@@ -142,7 +142,7 @@ public function searchresultsbulkAction()
 // have an external site in the referer, we should ignore that!
 $referer = $this->getRequest()->getServer()->get('HTTP_REFERER');
 $bulk = $this->url()->fromRoute('cart-searchresultsbulk');
- if ($this->isLocalUrl($referer) && !str_ends_with($referer, $bulk)) {
+ if (!empty($referer) && $this->isLocalUrl($referer) && !str_ends_with($referer, $bulk)) {
 $this->session->url = $referer;
 }
From 1cd52ed2b2c91f4490b01583b9604372db1e8b51 Mon Sep 17 00:00:00 2001
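Review bot: The `!empty($referer)` guard in saveAction() fixes the missing-Referer case at the call site only, and the same guard is repeated in CartController::searchresultsbulkAction(); any other reader of HTTP_REFERER still hands a possible null to the string functions. Normalising at the read, `$referer = $this->getRequest()->getServer()->get('HTTP_REFERER', '');`, and testing `$referer !== ''` would keep the value a string in both places. isLocalUrl() is not part of this patch, so whether it already rejects null or empty input cannot be confirmed from here. Because the header is client-supplied and isLocalUrl() is the only visible gate on it, a regression test for a request without a Referer header would be worth adding; the diffstat shows no test file. saveAction() starts and ends outside the hunk.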
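Review bot: The self-referral test `!str_ends_with($referer, $bulk)` in searchresultsbulkAction() is a raw suffix match on a client-supplied header, so a referer pointing at the bulk page itself but carrying a query string or fragment would not match and would be stored in `$this->session->url`. The same holds for `str_ends_with($referer, '/Save')` in saveAction(). Comparing the path component, e.g. `!str_ends_with((string)parse_url($referer, PHP_URL_PATH), $bulk)`, would be more robust. How `$this->session->url` is consumed lies outside the hunk, so the practical impact is inferred rather than shown.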
From: Peter Murray
Date: Wed, 18 Sep 2024 08:17:16 -0400
Subject: [PATCH 2/2] Add check for empty email value in Shibboleth::authenticate() (#3950)
---
 module/VuFind/src/VuFind/Auth/Shibboleth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/module/VuFind/src/VuFind/Auth/Shibboleth.php b/module/VuFind/src/VuFind/Auth/Shibboleth.php
index 12b77aaefae..6f6d9b15bc9 100644
--- a/module/VuFind/src/VuFind/Auth/Shibboleth.php
+++ b/module/VuFind/src/VuFind/Auth/Shibboleth.php
@@ -210,7 +210,7 @@ public function authenticate($request)
 foreach ($this->attribsToCheck as $attribute) {
 if (isset($shib[$attribute])) {
 $value = $this->getAttribute($request, $shib[$attribute]);
- if ($attribute == 'email') {
+ if ($attribute == 'email' && !empty($value)) {
 $userService->updateUserEmail($user, $value);
 } elseif (
 $attribute == 'cat_username' && isset($shib['prefix'])
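Review bot: With `!empty($value)` folded into the `email` condition in authenticate(), an empty email attribute no longer stops at this branch but falls through to the `elseif` chain that follows. The rest of that chain is cut off by the hunk; if it ends in a generic branch that assigns the attribute to the user, an empty value asserted by the IdP could still overwrite the stored email without going through updateUserEmail(). Keeping `if ($attribute == 'email') {` as the outer test and guarding only the call, `if (!empty($value)) { $userService->updateUserEmail($user, $value); }`, would skip the update without changing which branch handles the attribute. A short comment stating whether an empty IdP value should preserve or clear the existing address would also help.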