Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50129

Bug detected in auth/cas plugin



      We found a possible bug when proxy settings when we defined as CAS authentication method.

      The problem is given in the file ... /auth/cas/auth.php, specifically in the line 218.

      CAS configuration in the hostname parameter, we have configured the CAS server with the hostname "www.xxxxx.org". When on line 218:

      if (! empty ($CFG-> proxyhost) &&! is_proxybypass ($this->config->hostname)) {

      is_proxybypass function returns false when it should return true. And this is because when in the is_proxybypass function in ../lib/moodlelib.php in the parse_url function ($url, PHP_URL_HOST) returns null because don`t understand the hostname syntax "www.xxxx.org", but understand this other sytanx "https://www.xxx.org".

      To solve this, we had to make the following change in code, adding the string "https://" in the line 218 of the file ... /auth/cas/auth.php:

      if (! empty ($CFG->proxyhost) && is_proxybypass ('https: //' . $this->config->hostname)) {

      In this way it ensures that the hostname is returned properly and returns a NULL and therefore can not properly configure the proxy.

      I pray to review this part of the code to add the bug in the next updates.


            Unassigned Unassigned
            eduhernandezm Eduardo Hm
            Simey Lameze Simey Lameze
            0 Vote for this issue
            3 Start watching this issue


                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.