From fadb983fd8a457e6a586ead26f8168a03aaabfb6 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Sat, 24 Oct 2009 20:43:54 +0000
Subject: [PATCH] Fix use of relative redirect.
---
 adfs/handlers.cpp | 32 ++++++++++++++++++++++++++++----
 shib-target/shib-handlers.cpp | 32 ++++++++++++++++++++++++++++----
 2 files changed, 56 insertions(+), 8 deletions(-)
diff --git a/adfs/handlers.cpp b/adfs/handlers.cpp
index 382b67b..1eaeaad 100644
--- a/adfs/handlers.cpp
+++ b/adfs/handlers.cpp
@@ -429,8 +429,19 @@ pair ADFSHandler::run(ShibTarget* st, const IPropertySet* handler, b
 ret=handler->getString("ResponseLocation").second;
 if (!ret)
 ret=st->getApplication()->getString("homeURL").second;
- if (!ret)
- ret="/";
+ if (!ret) {
+ // No homeURL, so compute a URL to the root of the site.
+ int port = st->getPort();
+ const char* scheme = st->getProtocol();
+ string dest = string(scheme) + "://" + st->getHostname();
+ if ((!strcmp(scheme,"http") && port!=80) || (!strcmp(scheme,"https") && port!=443)) {
+ ostringstream portstr;
+ portstr << port;
+ dest += ':' + portstr.str();
+ }
+ dest += '/';
+ return make_pair(true, st->sendRedirect(dest));
+ }
 return make_pair(true, st->sendRedirect(ret));
 }
@@ -469,7 +480,7 @@ pair ADFSHandler::run(ShibTarget* st, const IPropertySet* handler, b
 if (target=="default") {
 pair homeURL=app->getString("homeURL");
- target=homeURL.first ? homeURL.second : "/";
+ target=homeURL.first ? homeURL.second : "";
 }
 else if (target=="cookie" || target.empty()) {
 // Pull the target value from the "relay state" cookie.
@@ -478,7 +489,7 @@ pair ADFSHandler::run(ShibTarget* st, const IPropertySet* handler, b
 if (!relay_state || !*relay_state) {
 // No apparent relay state value to use, so fall back on the default.
 pair homeURL=app->getString("homeURL");
- target=homeURL.first ? homeURL.second : "/";
+ target=homeURL.first ? homeURL.second : "";
 }
 else {
 char* rscopy=strdup(relay_state);
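Review bot: The fallback added in the first hunk builds the redirect URL from `st->getProtocol()`, `st->getHostname()` and `st->getPort()` with no comment on where those values originate, and the patch does not show whether `getHostname()` returns the configured server name or whatever the client sent in the Host header. If it can be the latter, the Location header becomes client-influenced, so the assumption is worth stating beside `string dest = ...`, e.g. `// Assumes getHostname() is the canonical server name, not the raw Host header.` The same block appears in the `target == ""` hunk of this file and in the SAML1Consumer::run and ShibLogout::run hunks of shib-target/shib-handlers.cpp. ADFSHandler::run starts and ends outside the hunk.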
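Review bot: In the `target=="default"` hunk the empty string in `target=homeURL.first ? homeURL.second : "";` is now a sentinel that only the `if (target == "")` block added further down in ADFSHandler::run resolves, and nothing at the assignment says so. A comment such as `// Empty means "no homeURL"; turned into an absolute site-root URL before the redirect.` would keep a later edit from treating the value as a usable target. The relay-state fallback hunk that follows and the two matching hunks in SAML1Consumer::run rely on the same sentinel. The function body continues outside the hunk.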
@@ -519,6 +530,19 @@ pair ADFSHandler::run(ShibTarget* st, const IPropertySet* handler, b
 }
 }
+ if (target == "") {
+ // No homeURL, so compute a URL to the root of the site.
+ int port = st->getPort();
+ const char* scheme = st->getProtocol();
+ target = string(scheme) + "://" + st->getHostname();
+ if ((!strcmp(scheme,"http") && port!=80) || (!strcmp(scheme,"https") && port!=443)) {
+ ostringstream portstr;
+ portstr << port;
+ target += ':' + portstr.str();
+ }
+ target += '/';
+ }
+ // Now redirect to the target.
 return make_pair(true, st->sendRedirect(target));
 }
diff --git a/shib-target/shib-handlers.cpp b/shib-target/shib-handlers.cpp
index 701a9dd..73038d2 100644
--- a/shib-target/shib-handlers.cpp
+++ b/shib-target/shib-handlers.cpp
@@ -316,7 +316,7 @@ pair SAML1Consumer::run(ShibTarget* st, const IPropertySet* handler,
 if (target=="default") {
 pair homeURL=app->getString("homeURL");
- target=homeURL.first ? homeURL.second : "/";
+ target=homeURL.first ? homeURL.second : "";
 }
 else if (target=="cookie" || target.empty()) {
 // Pull the target value from the "relay state" cookie.
@@ -325,7 +325,7 @@ pair SAML1Consumer::run(ShibTarget* st, const IPropertySet* handler,
 if (!relay_state || !*relay_state) {
 // No apparent relay state value to use, so fall back on the default.
 pair homeURL=app->getString("homeURL");
- target=homeURL.first ? homeURL.second : "/";
+ target=homeURL.first ? homeURL.second : "";
 }
 else {
 char* rscopy=strdup(relay_state);
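Review bot: The block under `if (target == "")` repeats the same URL construction as the `if (!ret)` fallback earlier in this file and is copied twice more into shib-target/shib-handlers.cpp, so any later correction to the scheme or port handling has to be made in four places. Moving it into one helper (name illustrative), e.g. `static string computeSiteRootURL(ShibTarget* st)`, would reduce each call site to `if (target.empty()) target = computeSiteRootURL(st);`. Where a helper shared by both files should live is not visible from the patch. Using `target.empty()` would also match the `target=="cookie" || target.empty()` test already used in this function. ADFSHandler::run starts outside the hunk.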
@@ -366,6 +366,19 @@ pair SAML1Consumer::run(ShibTarget* st, const IPropertySet* handler,
 }
 }
+ if (target == "") {
+ // No homeURL, so compute a URL to the root of the site.
+ int port = st->getPort();
+ const char* scheme = st->getProtocol();
+ target = string(scheme) + "://" + st->getHostname();
+ if ((!strcmp(scheme,"http") && port!=80) || (!strcmp(scheme,"https") && port!=443)) {
+ ostringstream portstr;
+ portstr << port;
+ target += ':' + portstr.str();
+ }
+ target += '/';
+ }
+ // Now redirect to the target.
 return make_pair(true, st->sendRedirect(target));
 }
@@ -401,8 +414,19 @@ pair ShibLogout::run(ShibTarget* st, const IPropertySet* handler, bo
 ret=handler->getString("ResponseLocation").second;
 if (!ret)
 ret=st->getApplication()->getString("homeURL").second;
- if (!ret)
- ret="/";
+ if (!ret) {
+ // No homeURL, so compute a URL to the root of the site.
+ int port = st->getPort();
+ const char* scheme = st->getProtocol();
+ string dest = string(scheme) + "://" + st->getHostname();
+ if ((!strcmp(scheme,"http") && port!=80) || (!strcmp(scheme,"https") && port!=443)) {
+ ostringstream portstr;
+ portstr << port;
+ dest += ':' + portstr.str();
+ }
+ dest += '/';
+ return make_pair(true, st->sendRedirect(dest));
+ }
 return make_pair(true, st->sendRedirect(ret));
 }
--
2.1.4