Fix two user-assisted cross site scripting attacks.

Thanks to Google Code user timtai1 for notifying us about this problem! git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3009 44740490-163a-0410-bde0-09ae8108e29a
2012-01-10 13:11:01 +00:00 · 2012-01-10 13:11:01 +00:00 · 70e3eb85c4
parent 85c259f13f
commit 70e3eb85c4
2 changed files with 3 additions and 1 deletions
--- a/modules/core/www/no_cookie.php
+++ b/modules/core/www/no_cookie.php
@ -2,6 +2,7 @@

 if (isset($_REQUEST['retryURL'])) {
 	$retryURL = (string)$_REQUEST['retryURL'];
+	$retryURL = SimpleSAML_Utilities::normalizeURL($retryURL);
 } else {
 	$retryURL = NULL;
 }
--- a/www/logout.php
+++ b/www/logout.php
@ -5,7 +5,8 @@ require_once('_include.php');
 $config = SimpleSAML_Configuration::getInstance();

 if(array_key_exists('link_href', $_REQUEST)) {
-	$link = $_REQUEST['link_href'];
+	$link = (string)$_REQUEST['link_href'];
+	$link = SimpleSAML_Utilities::normalizeURL($link);
 } else {
 	$link = 'index.php';
 }