Fix for bug introduced in r3332.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3336 44740490-163a-0410-bde0-09ae8108e29a
parent
8da830870b
commit
4522bf2864
|
@ -306,7 +306,7 @@ class SimpleSAML_Auth_ProcessingChain {
|
|||
* SimpleSAML_Auth_ProcessingChain::AUTHPARAM request parameter. Please
|
||||
* make sure to sanitize it properly by calling the
|
||||
* SimpleSAML_Utilities::checkURLAllowed() function with the embedded
|
||||
* restart URL, if any. See also SimpleSAML_Utilities::getURLFromStateID().
|
||||
* restart URL, if any. See also SimpleSAML_Utilities::parseStateID().
|
||||
*/
|
||||
public static function fetchProcessedState($id) {
|
||||
assert('is_string($id)');
|
||||
|
|
|
@ -211,10 +211,10 @@ class SimpleSAML_Auth_State {
|
|||
assert('is_bool($allowMissing)');
|
||||
SimpleSAML_Logger::debug('Loading state: ' . var_export($id, TRUE));
|
||||
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
|
||||
$session = SimpleSAML_Session::getInstance();
|
||||
$state = $session->getData('SimpleSAML_Auth_State', $id);
|
||||
$state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
|
||||
|
||||
if ($state === NULL) {
|
||||
/* Could not find saved data. */
|
||||
|
@ -222,11 +222,11 @@ class SimpleSAML_Auth_State {
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if ($restartURL === NULL) {
|
||||
if ($sid['url'] === NULL) {
|
||||
throw new SimpleSAML_Error_NoState();
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirectTrustedURL($restartURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
|
||||
}
|
||||
|
||||
$state = unserialize($state);
|
||||
|
@ -246,11 +246,11 @@ class SimpleSAML_Auth_State {
|
|||
|
||||
SimpleSAML_Logger::warning($msg);
|
||||
|
||||
if ($restartURL === NULL) {
|
||||
if ($sid['url'] === NULL) {
|
||||
throw new Exception($msg);
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirectTrustedURL($restartURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
|
||||
}
|
||||
|
||||
return $state;
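Review bot: Both `redirectTrustedURL($sid['url'])` calls in loadState() redirect to a URL taken from the state ID that callers read from the request, and nothing in these hunks validates it, so safety depends on every caller having run `checkURLAllowed()` first. This is the one place all entry points converge, so I would add `SimpleSAML_Utilities::checkURLAllowed($sid['url']);` immediately before each redirect, in both the state-not-found branch and the warning branch. The docblock should also state that `$id` may have the form 'id:url' and that only the 'id' part is used as the session key. loadState() starts and ends outside the hunks shown.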
|
||||
|
|
|
@ -77,9 +77,9 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($relayState);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
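Review bot: The comment `// sanitize the input` does not say what is being checked or why, and the same four lines are repeated verbatim in every other caller section below (ICAuth, YubiKey, check_credentials, and the consent, core, openid, papi and saml entry points). I would reword it to `// The state ID may embed a restart URL ('id:url'); refuse it unless it is an allowed redirect target.` As a style matter, the parse-and-check could move into one shared helper so a future entry point cannot omit or mistype it. The unparsed `$relayState` is still what is passed to `loadState()`, which parses it again; a short comment saying that this is intentional would help the next reader.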
|
||||
|
|
|
@ -345,19 +345,23 @@ class SimpleSAML_Utilities {
|
|||
|
||||
|
||||
/**
|
||||
* Get a URL embedded in a StateID, in the form 'id:url'.
|
||||
* Get the ID and (optionally) a URL embedded in a StateID,
|
||||
* in the form 'id:url'.
|
||||
*
|
||||
* @param string $stateId The state ID to use.
|
||||
* @return string The embedded URL if found, NULL otherwise.
|
||||
* @return array A hashed array with the ID and the URL (if any),
|
||||
* in the 'id' and 'url' keys, respectively. If there's no URL
|
||||
* in the input parameter, NULL will be returned as the value for
|
||||
* the 'url' key.
|
||||
*/
|
||||
public static function getURLFromStateID($stateId) {
|
||||
public static function parseStateID($stateId) {
|
||||
$tmp = explode(':', $stateId, 2);
|
||||
$id = $tmp[0];
|
||||
$url = NULL;
|
||||
if (count($tmp) === 2) {
|
||||
$url = $tmp[1];
|
||||
}
|
||||
return $url;
|
||||
return array('id' => $id, 'url' => $url);
|
||||
}
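Review bot: parseStateID() returns an empty string rather than NULL in 'url' when the input ends in a colon (a constructed example is `abc:`), because `explode(':', $stateId, 2)` still yields two elements. Callers then pass `''` to `checkURLAllowed()`, and loadState() may pass it to `redirectTrustedURL()`; how those behave on an empty URL is not visible here. I would treat an empty remainder as no URL with `if (count($tmp) === 2 && $tmp[1] !== '') {`. The function also lacks the `assert('is_string($stateId)');` guard that fetchProcessedState() uses for its argument, although several callers on this page pass `$_REQUEST` values without a `(string)` cast.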
|
||||
|
||||
|
||||
|
|
|
@ -69,9 +69,9 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -13,9 +13,9 @@ function check_credentials() {
|
|||
$id = $_REQUEST['ssp_state'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
|
||||
|
|
|
@ -125,9 +125,9 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
|
|||
assert('is_string($otp)');
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -11,9 +11,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
|
|||
$stateID = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateID);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT);
|
||||
|
|
|
@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
|
||||
|
|
|
@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT);
|
||||
|
|
|
@ -13,9 +13,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'authorize:Authorize');
|
||||
|
|
|
@ -10,9 +10,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
|
|||
$stateID = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateID);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
|
||||
|
|
|
@ -8,9 +8,9 @@ if (array_key_exists('wrap_client_state', $_REQUEST)) {
|
|||
$stateId = $_REQUEST['wrap_client_state'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT);
|
||||
|
|
|
@ -14,9 +14,9 @@ if (!isset($_GET['ticket'])) {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT);
|
||||
|
|
|
@ -18,9 +18,9 @@ if (!isset($response['id'])) {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($response['id']);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($response['id']);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($response['id'], 'cdc:resume');
|
||||
|
|
|
@ -33,9 +33,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
|
||||
|
|
|
@ -12,9 +12,9 @@ if (!array_key_exists('StateId', $_GET)) {
|
|||
$id = (string)$_GET['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
|
||||
|
|
|
@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
|
||||
|
|
|
@ -198,9 +198,9 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
|
|||
assert('is_string($password)');
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Here we retrieve the state array we saved in the authenticate-function. */
|
||||
|
|
|
@ -210,9 +210,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
|
|||
assert('is_string($organization)');
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
@ -264,9 +264,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
|
|||
assert('is_string($authStateId)');
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
|
|||
$id = (string)$_REQUEST['id'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
|
||||
|
|
|
@ -20,9 +20,9 @@ if ($type !== 'embed' && $type !== 'async') {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
|
||||
|
|
|
@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
|
|||
$id = (string)$_REQUEST['id'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout:afterbridge');
|
||||
|
|
|
@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
|
|||
$authStateId = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
|
|||
$authStateId = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
|
||||
|
|
|
@ -187,9 +187,9 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
|
|||
$stateId = (string)$_REQUEST['State'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -33,9 +33,9 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
|
|||
$stateId = urldecode($matches[1]);
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
|
||||
|
|
|
@ -15,9 +15,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'exampleauth:redirectfilter-test');
|
||||
|
|
|
@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:about2expire');
|
||||
|
|
|
@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:expired');
|
||||
|
|
|
@ -17,9 +17,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
|
|||
$authStateId = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* Retrieve the authentication state. */
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
$authStateId = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
$authStateId = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
|
||||
|
|
|
@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
|
|||
$authState = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authState);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:init');
|
||||
|
|
|
@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
|
|||
$authState = $_REQUEST['AuthState'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authState);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth');
|
||||
|
|
|
@ -330,9 +330,9 @@ class sspmod_openidProvider_Server {
|
|||
assert('is_string($stateId)');
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
return SimpleSAML_Auth_State::loadState($stateId, 'openidProvider:resumeState');
|
||||
|
|
|
@ -117,9 +117,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
|
|||
$this->_stateId = (string)$_REQUEST['SSPStateID'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
|
||||
|
@ -170,9 +170,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
|
|||
$this->_stateId = (string)$_REQUEST['SSPStateID'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
|
||||
|
|
|
@ -17,9 +17,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
|
|||
$id = $_REQUEST['StateId'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($id);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($id, 'warning:request');
|
||||
|
|
|
@ -15,9 +15,9 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
|
|||
$stateID = $_REQUEST['AuthID'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateID);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
|
||||
|
|
|
@ -32,9 +32,9 @@ if (preg_match('@^https?://@i', $target)) {
|
|||
$stateID = $_REQUEST['TARGET'];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateID);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
|
||||
|
|
|
@ -54,9 +54,9 @@ $stateId = $response->getInResponseTo();
|
|||
if (!empty($stateId)) {
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($stateId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
/* This is a response to a request we sent earlier. */
|
||||
|
|
|
@ -55,9 +55,9 @@ if ($message instanceof SAML2_LogoutResponse) {
|
|||
}
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($relayState);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent');
|
||||
|
|
|
@ -61,9 +61,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
|
|||
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authProcId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
|
||||
|
|
|
@ -49,9 +49,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
|
|||
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
|
||||
|
||||
// sanitize the input
|
||||
$restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
|
||||
if (!is_null($restartURL)) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($restartURL);
|
||||
$sid = SimpleSAML_Utilities::parseStateID($authProcId);
|
||||
if (!is_null($sid['url'])) {
|
||||
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
|
||||
}
|
||||
|
||||
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
|
||||
|
|