--- "ucam_webauth (1).php"	2016-02-23 17:11:58.053813300 +0000
+++ ucam_webauth.php	2016-02-23 17:21:38.566409800 +0000
@@ -98,7 +98,8 @@
 			     '560' => 'Web server not authorized to use the authentication service',
 			     '570' => 'Operation declined by the authentication service');
 
-  function Ucam_Webauth($args) {
+  // xg244: Old style constructor removed in PHP7.0
+  function __construct($args) {
     if (isset($args['auth_service'])) $this->auth_service = $args['auth_service'];
     else $this->auth_service = $this->DEFAULT_AUTH_SERVICE;
 
@@ -316,7 +317,8 @@
     $key_str = fread($key_file, filesize($key_filename));
     $key = openssl_get_publickey($key_str);
     fclose($key_file);
-    $result = openssl_verify(rawurldecode($data), $this->wls_decode(rawurldecode($sig)), $key);
+    // xg244: Bugfix: No need to rawurldecode here, otherwise query does not work
+    $result = openssl_verify($data, $this->wls_decode(rawurldecode($sig)), $key);
     openssl_free_key($key);
     return $result;
   }
@@ -379,13 +381,13 @@
   }
 
   function iso2time($t) {
+    // xg244: The old optional parameter at the end is removed in PHP7.0
     return gmmktime(substr($t, 9, 2),
 		    substr($t, 11, 2),
 		    substr($t, 13, 2),
 		    substr($t, 4, 2),
 		    substr($t, 6, 2),
-		    substr($t, 0, 4),
-		    -1);
+		    substr($t, 0, 4));
   }
 
   function wls_encode($str) {
@@ -511,7 +513,7 @@
      * this WLS. If so, validate the response. If we are not doing session
      * management then we can then just return. If we are doing session
      * management, check that the session cookie already exists with a
-     * test value (becuause otherwise we probably don't have cookies
+     * test value (because otherwise we probably don't have cookies
      * enabled), set it, and redirect back to the original URL to clear
      * the browser's location bar of the WLS response.
      */
@@ -635,7 +637,8 @@
       
       // Clean up the URL in browser location bar, i.e., remove WLS stuff
       // in query string, and, inevitably, redo original request a second time?
-      if (!$testauthonly) header('Location: ' . $token[$this->WLS_TOKEN_URL]);
+      // xg244: Bugfix: We need to do a rawurldecode here to handle escaped string properly
+      if (!$testauthonly) header('Location: ' . rawurldecode($token[$this->WLS_TOKEN_URL]));
       
       return FALSE;
     }