Fix two user-assisted cross site scripting attacks.
Thanks to Google Code user timtai1 for notifying us about this problem! git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3009 44740490-163a-0410-bde0-09ae8108e29a
parent
85c259f13f
commit
70e3eb85c4
|
@ -2,6 +2,7 @@
|
|||
|
||||
if (isset($_REQUEST['retryURL'])) {
|
||||
$retryURL = (string)$_REQUEST['retryURL'];
|
||||
$retryURL = SimpleSAML_Utilities::normalizeURL($retryURL);
|
||||
} else {
|
||||
$retryURL = NULL;
|
||||
}
|
||||
|
|
|
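Review bot: The `(string)` cast on `$_REQUEST['retryURL']` does not reject a non-string parameter. A request that sends the parameter in array form (`retryURL[]=...`) makes the value an array, and the cast turns it into the literal string `Array` (with a conversion notice on newer PHP versions) before it reaches normalizeURL(). I would test the type in the guard instead, `if (isset($_REQUEST['retryURL']) && is_string($_REQUEST['retryURL'])) {`, so a malformed parameter falls through to the existing `NULL` branch. The same applies to `link_href` in the second hunk, where the guard is `array_key_exists('link_href', $_REQUEST)`.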
@ -5,7 +5,8 @@ require_once('_include.php');
|
|||
$config = SimpleSAML_Configuration::getInstance();
|
||||
|
||||
if(array_key_exists('link_href', $_REQUEST)) {
|
||||
$link = $_REQUEST['link_href'];
|
||||
$link = (string)$_REQUEST['link_href'];
|
||||
$link = SimpleSAML_Utilities::normalizeURL($link);
|
||||
} else {
|
||||
$link = 'index.php';
|
||||
}
|
||||
|
|
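Review bot: Nothing in this hunk shows where `$link` is written out, and normalizeURL() is not an output-encoding step. Its body is not visible here, so at most it can be assumed to constrain the form of the URL. Assuming `$link` is later placed in an `href` attribute, the template should still emit it through `htmlspecialchars($link, ENT_QUOTES)`, otherwise a quote character in an accepted URL could break out of the attribute. If normalizeURL() raises an error on a rejected URL, it is also worth confirming that the error output does not echo the raw value. The script continues after this hunk, so both points need checking against the rest of the file.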