CAS: Use $_POST instead of $_REQUEST BT#18252

jmontoyaa · jmontoyaa · commit 84c2d48d3122 · 2021-01-14T12:12:35.000+01:00
Add checkLoginCas $_GET parameter in order to check if user is already
logged in.
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
@@ -198,7 +198,7 @@
 $logging_in = false;
 
 /*  MAIN CODE  */
-if (array_key_exists('forceCASAuthentication', $_REQUEST)) {
+if (array_key_exists('forceCASAuthentication', $_POST)) {
     unset($_SESSION['_user']);
     unset($_user);
     if (api_is_anonymous()) {
@@ -283,13 +283,14 @@
         if (
             is_array($cas) && array_key_exists('force_redirect', $cas) && $cas['force_redirect']
             ||
-            array_key_exists('forceCASAuthentication', $_REQUEST)
+            array_key_exists('forceCASAuthentication', $_POST)
+            ||
+            array_key_exists('checkLoginCas', $_GET)
             ||
             array_key_exists('ticket', $_GET)
         ) {
             phpCAS::forceAuthentication();
         }
-
         // check whether we are authenticated
         if (phpCAS::isAuthenticated()) {
             // the user was successfully authenticated by the CAS server, read its CAS user identification
