Start using the redirectTrustedURL() and redirectUntrustedURL() wrappers.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3326 44740490-163a-0410-bde0-09ae8108e29a
parent
90a86f5ec7
commit
952fc24f8c
|
@ -120,7 +120,7 @@ class SimpleSAML_Auth_BWC extends SimpleSAML_Auth_Simple {
|
|||
|
||||
$config = SimpleSAML_Configuration::getInstance();
|
||||
$authurl = '/' . $config->getBaseURL() . $this->auth;
|
||||
SimpleSAML_Utilities::redirect($authurl, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($authurl, array(
|
||||
'RelayState' => $relayState,
|
||||
'AuthId' => $authId,
|
||||
'protocol' => 'saml2',
|
||||
|
@ -143,20 +143,19 @@ class SimpleSAML_Auth_BWC extends SimpleSAML_Auth_Simple {
|
|||
$session = SimpleSAML_Session::getInstance();
|
||||
if (!$session->isValid($this->authority)) {
|
||||
/* Not authenticated to this authentication source. */
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($url);
|
||||
assert('FALSE');
|
||||
}
|
||||
|
||||
if ($this->authority === 'saml2') {
|
||||
$config = SimpleSAML_Configuration::getInstance();
|
||||
SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
|
||||
SimpleSAML_Utilities::redirectUntrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
|
||||
array('RelayState' => $url)
|
||||
);
|
||||
}
|
||||
|
||||
$session->doLogout($this->authority);
|
||||
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($url);
|
||||
}
|
||||
|
||||
}
|
||||
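Review bot: In the `saml2` branch of the second hunk the destination is built locally from `$config->getBaseURL()`, yet it goes through `redirectUntrustedURL()`, while the same construction in the first hunk (`$authurl`) goes through `redirectTrustedURL()`. The caller-supplied value is `$url`, which travels only as the `RelayState` parameter; assuming the wrapper inspects just its first argument (its body is not on this page), `$url` is not checked at this call. I would write `SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',` and add a comment that `$url` is validated where initSLO.php finally redirects to it. The enclosing method starts outside the hunk.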
|
|
|
@ -121,7 +121,7 @@ class SimpleSAML_Auth_Default {
|
|||
|
||||
if (is_string($return)) {
|
||||
/* Redirect... */
|
||||
SimpleSAML_Utilities::redirect($return);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($return);
|
||||
} else {
|
||||
call_user_func($return, $state);
|
||||
assert('FALSE');
|
||||
|
@ -184,7 +184,7 @@ class SimpleSAML_Auth_Default {
|
|||
self::initLogoutReturn($returnURL, $authority);
|
||||
|
||||
/* Redirect... */
|
||||
SimpleSAML_Utilities::redirect($returnURL);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnURL);
|
||||
}
|
||||
|
||||
|
||||
|
@ -202,7 +202,7 @@ class SimpleSAML_Auth_Default {
|
|||
$returnURL = $state['SimpleSAML_Auth_Default.ReturnURL'];
|
||||
|
||||
/* Redirect... */
|
||||
SimpleSAML_Utilities::redirect($returnURL);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnURL);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -248,7 +248,7 @@ class SimpleSAML_Auth_ProcessingChain {
|
|||
* in $state['ReturnURL'].
|
||||
*/
|
||||
$id = SimpleSAML_Auth_State::saveState($state, self::COMPLETED_STAGE);
|
||||
SimpleSAML_Utilities::redirect($state['ReturnURL'], array(self::AUTHPARAM => $id));
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($state['ReturnURL'], array(self::AUTHPARAM => $id));
|
||||
} else {
|
||||
/* Pass the state to the function defined in $state['ReturnCall']. */
|
||||
|
||||
|
|
|
@ -219,7 +219,7 @@ class SimpleSAML_Auth_Simple {
|
|||
$params[$state['ReturnStateParam']] = $stateID;
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($state['ReturnTo'], $params);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($state['ReturnTo'], $params);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -232,7 +232,7 @@ class SimpleSAML_Auth_State {
|
|||
throw new SimpleSAML_Error_NoState();
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($restartURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($restartURL);
|
||||
}
|
||||
|
||||
$state = unserialize($state);
|
||||
|
@ -256,7 +256,7 @@ class SimpleSAML_Auth_State {
|
|||
throw new Exception($msg);
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($restartURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($restartURL);
|
||||
}
|
||||
|
||||
return $state;
|
||||
|
@ -301,7 +301,7 @@ class SimpleSAML_Auth_State {
|
|||
$id = self::saveState($state, self::EXCEPTION_STAGE);
|
||||
|
||||
/* Redirect to the exception handler. */
|
||||
SimpleSAML_Utilities::redirect($state[self::EXCEPTION_HANDLER_URL], array(self::EXCEPTION_PARAM => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($state[self::EXCEPTION_HANDLER_URL], array(self::EXCEPTION_PARAM => $id));
|
||||
|
||||
} elseif (array_key_exists(self::EXCEPTION_HANDLER_FUNC, $state)) {
|
||||
/* Call the exception handler. */
|
||||
|
|
|
@ -529,7 +529,7 @@ class SimpleSAML_IdP {
|
|||
public static function finishLogoutRedirect(SimpleSAML_IdP $idp, array $state) {
|
||||
assert('isset($state["core:Logout:URL"])');
|
||||
|
||||
SimpleSAML_Utilities::redirect($state['core:Logout:URL']);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($state['core:Logout:URL']);
|
||||
assert('FALSE');
|
||||
}
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ class SimpleSAML_IdP_LogoutIFrame extends SimpleSAML_IdP_LogoutHandler {
|
|||
}
|
||||
|
||||
$url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params);
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
|
|||
try {
|
||||
$idp = SimpleSAML_IdP::getByState($association);
|
||||
$url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState);
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
} catch (Exception $e) {
|
||||
SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($id, TRUE) . '.');
|
||||
$this->idp->terminateAssociation($id);
|
||||
|
|
|
@ -463,7 +463,7 @@ class SimpleSAML_XHTML_IdPDisco {
|
|||
$extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', NULL);
|
||||
if ($extDiscoveryStorage !== NULL) {
|
||||
$this->log('Choice made [' . $idp . '] (Forwarding to external discovery storage)');
|
||||
SimpleSAML_Utilities::redirect($extDiscoveryStorage, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array(
|
||||
// $this->returnIdParam => $idp,
|
||||
'entityID' => $this->spEntityId,
|
||||
'IdPentityID' => $idp,
|
||||
|
@ -474,7 +474,7 @@ class SimpleSAML_XHTML_IdPDisco {
|
|||
|
||||
} else {
|
||||
$this->log('Choice made [' . $idp . '] (Redirecting the user back. returnIDParam=' . $this->returnIdParam . ')');
|
||||
SimpleSAML_Utilities::redirect($this->returnURL, array($this->returnIdParam => $idp));
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($this->returnURL, array($this->returnIdParam => $idp));
|
||||
}
|
||||
|
||||
return;
|
||||
|
@ -482,7 +482,7 @@ class SimpleSAML_XHTML_IdPDisco {
|
|||
|
||||
if ($this->isPassive) {
|
||||
$this->log('Choice not made. (Redirecting the user back without answer)');
|
||||
SimpleSAML_Utilities::redirect($this->returnURL);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($this->returnURL);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -500,7 +500,7 @@ class SimpleSAML_XHTML_IdPDisco {
|
|||
|
||||
if(sizeof($idpintersection) == 1) {
|
||||
$this->log('Choice made [' . $idpintersection[0] . '] (Redirecting the user back. returnIDParam=' . $this->returnIdParam . ')');
|
||||
SimpleSAML_Utilities::redirect($this->returnURL, array($this->returnIdParam => $idpintersection[0]));
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($this->returnURL, array($this->returnIdParam => $idpintersection[0]));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -37,7 +37,7 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source {
|
|||
$state[self::AUTHID] = $this->authId;
|
||||
$id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
|
||||
$url = SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('AuthState' => $id));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -171,7 +171,7 @@ class sspmod_adfs_IdP_ADFS {
|
|||
// NB:: we don't know from which SP the logout request came from
|
||||
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
|
||||
$idpMetadata = $idp->getConfig();
|
||||
SimpleSAML_Utilities::redirect($idpMetadata->getValue('redirect-after-logout', SimpleSAML_Utilities::getBaseURL()));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($idpMetadata->getValue('redirect-after-logout', SimpleSAML_Utilities::getBaseURL()));
|
||||
}
|
||||
|
||||
public static function receiveLogoutMessage(SimpleSAML_IdP $idp) {
|
||||
|
|
|
@ -52,7 +52,7 @@ class sspmod_aselect_Auth_Source_aselect extends SimpleSAML_Auth_Source {
|
|||
$app_url = SimpleSAML_Module::getModuleURL('aselect/credentials.php', array('ssp_state' => $id));
|
||||
$as_url = $this->request_authentication($app_url);
|
||||
|
||||
SimpleSAML_Utilities::redirect($as_url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($as_url);
|
||||
} catch(Exception $e) {
|
||||
// attach the exception to the state
|
||||
SimpleSAML_Auth_State::throwException($state, $e);
|
||||
|
|
|
@ -104,7 +104,7 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
|
|||
$id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
|
||||
|
||||
$url = SimpleSAML_Module::getModuleURL('authYubiKey/yubikeylogin.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('AuthState' => $id));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ class sspmod_authfacebook_Auth_Source_Facebook extends SimpleSAML_Auth_Source {
|
|||
$url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope' => $this->req_perms));
|
||||
SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
|
||||
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -129,7 +129,7 @@ class sspmod_authorize_Auth_Process_Authorize extends SimpleSAML_Auth_Processing
|
|||
'authorize:Authorize');
|
||||
$url = SimpleSAML_Module::getModuleURL(
|
||||
'authorize/authorize_403.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source {
|
|||
. '&wrap_scope=WL_Profiles.View,Messenger.SignIn'
|
||||
;
|
||||
|
||||
SimpleSAML_Utilities::redirect($authorizeURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($authorizeURL);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -206,7 +206,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source {
|
|||
|
||||
$serviceUrl = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
|
||||
|
||||
SimpleSAML_Utilities::redirect($this->_loginMethod, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($this->_loginMethod, array(
|
||||
'service' => $serviceUrl));
|
||||
}
|
||||
|
||||
|
@ -230,7 +230,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source {
|
|||
|
||||
SimpleSAML_Auth_State::deleteState($state);
|
||||
// we want cas to log us out
|
||||
SimpleSAML_Utilities::redirect($logoutUrl, array());
|
||||
SimpleSAML_Utilities::redirectTrustedURL($logoutUrl);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@ storeTicket($ticket, $path, array('service' => $service,
|
|||
'proxies' => array(),
|
||||
'validbefore' => time() + 5));
|
||||
|
||||
SimpleSAML_Utilities::redirect(
|
||||
SimpleSAML_Utilities::redirectUntrustedURL(
|
||||
SimpleSAML_Utilities::addURLparameter($service,
|
||||
array('ticket' => $ticket)
|
||||
)
|
||||
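Review bot: The `ticket` parameter is appended to `$service` before the redirect, so whichever host `$service` names receives the ticket that was just stored; this call needs more than a generic open-redirect check. The lines that populate `$service` are outside the hunk, so it is not visible whether it is matched against a list of allowed services first. If it is not, that match belongs before `storeTicket()`. If it is, a comment such as `/* $service has been checked against the allowed service list above. */` on the redirect would record why the ticket may be sent there. The call continues past the end of the hunk.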
|
|
|
@ -325,7 +325,7 @@ class sspmod_cdc_Server {
|
|||
|
||||
$url = SimpleSAML_Utilities::addURLparameter($to, $params);
|
||||
if (strlen($url) < 2048) {
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($url);
|
||||
} else {
|
||||
SimpleSAML_Utilities::postRedirect($to, $params);
|
||||
}
|
||||
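Review bot: Only the short-URL branch gets the untrusted-destination check; the `else` branch still calls `SimpleSAML_Utilities::postRedirect($to, $params)` with the same `$to` and no equivalent validation. Whether the destination is checked therefore depends on the length of the URL rather than on where it points, assuming `redirectUntrustedURL()` rejects anything at all (its body is not shown on this page). `$to` should be validated once, before the `strlen($url) < 2048` test, so that both branches rely on the same result. The enclosing method starts and ends outside the hunk.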
|
|
|
@ -278,7 +278,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
|
|||
// Save state and redirect
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'consent:request');
|
||||
$url = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -10,7 +10,7 @@ class sspmod_consent_Logout {
|
|||
|
||||
public static function postLogout(SimpleSAML_IdP $idp, array $state) {
|
||||
$url = SimpleSAML_Module::getModuleURL('consent/logout_completed.php');
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@ class sspmod_core_Auth_Process_WarnShortSSOInterval extends SimpleSAML_Auth_Proc
|
|||
/* Save state and redirect. */
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
|
||||
$url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -158,7 +158,7 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
|
|||
*/
|
||||
$url = SimpleSAML_Module::getModuleURL('core/loginuserpass.php');
|
||||
$params = array('AuthState' => $id);
|
||||
SimpleSAML_Utilities::redirect($url, $params);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, $params);
|
||||
|
||||
/* The previous function never returns, so this code is never executed. */
|
||||
assert('FALSE');
|
||||
|
|
|
@ -157,7 +157,7 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
|
|||
|
||||
$url = SimpleSAML_Module::getModuleURL('core/loginuserpassorg.php');
|
||||
$params = array('AuthState' => $id);
|
||||
SimpleSAML_Utilities::redirect($url, $params);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, $params);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -35,4 +35,4 @@ if (!empty($_REQUEST['saml:idp'])) {
|
|||
$as = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']);
|
||||
$as->requireAuth($options);
|
||||
|
||||
SimpleSAML_Utilities::redirect($_REQUEST['ReturnTo']);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['ReturnTo']);
|
||||
|
|
|
@ -20,7 +20,7 @@ if ($requestcache['ForceAuthn'] && $requestcache['core:prevSession'] === $sessio
|
|||
}
|
||||
|
||||
if (isset($state['ReturnTo'])) {
|
||||
SimpleSAML_Utilities::redirect($state['ReturnTo']);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($state['ReturnTo']);
|
||||
}
|
||||
|
||||
foreach ($session->getAuthState($authority) as $k => $v) {
|
||||
|
|
|
@ -33,5 +33,5 @@ if(array_key_exists('ReturnTo', $_REQUEST)) {
|
|||
}
|
||||
|
||||
/* Redirect to destination. */
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
|
||||
|
|
|
@ -10,5 +10,5 @@ $returnTo = $_REQUEST['ReturnTo'];
|
|||
|
||||
SimpleSAML_Utilities::requireAdmin();
|
||||
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
|
||||
|
|
|
@ -193,7 +193,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
|
|||
if ($this->config->getBoolean('idpdisco.extDiscoveryStorage', NULL) != NULL) {
|
||||
$extDiscoveryStorage = $this->config->getBoolean('idpdisco.extDiscoveryStorage');
|
||||
$this->log('Choice made [' . $idp . '] (Forwarding to external discovery storage)');
|
||||
SimpleSAML_Utilities::redirect($extDiscoveryStorage, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array(
|
||||
'entityID' => $this->spEntityId,
|
||||
'IdPentityID' => $idp,
|
||||
'returnIDParam' => $this->returnIdParam,
|
||||
|
@ -203,7 +203,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
|
|||
|
||||
} else {
|
||||
$this->log('Choice made [' . $idp . '] (Redirecting the user back. returnIDParam=' . $this->returnIdParam . ')');
|
||||
SimpleSAML_Utilities::redirect($this->returnURL, array($this->returnIdParam => $idp));
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($this->returnURL, array($this->returnIdParam => $idp));
|
||||
}
|
||||
|
||||
return;
|
||||
|
@ -211,7 +211,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
|
|||
|
||||
if ($this->isPassive) {
|
||||
$this->log('Choice not made. (Redirecting the user back without answer)');
|
||||
SimpleSAML_Utilities::redirect($this->returnURL);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($this->returnURL);
|
||||
return;
|
||||
}
|
||||
|
||||
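Review bot: The first hunk hands the result of `$this->config->getBoolean('idpdisco.extDiscoveryStorage')` to `redirectTrustedURL()` as the destination, so the value now labelled a trusted URL is read with a boolean accessor. The parent class `SimpleSAML_XHTML_IdPDisco` reads the same option with `getString('idpdisco.extDiscoveryStorage', NULL)` and tests `!== NULL`. This class should do the same: `$extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', NULL);` followed by `if ($extDiscoveryStorage !== NULL) {`. The later hunk headed `@ -96,7 +96,7 @@ if ($idpentityid === NULL) {` has the same `getBoolean()` read in front of its `redirectTrustedURL($extDiscoveryStorage, ...)` call. Both accessor lines are unchanged context, and the enclosing code extends beyond the hunks.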
|
|
|
@ -22,7 +22,7 @@ class sspmod_exampleauth_Auth_Process_RedirectTest extends SimpleSAML_Auth_Proce
|
|||
/* Save state and redirect. */
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
|
||||
$url = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -156,7 +156,7 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
|
|||
* Note the 'ReturnTo' parameter. This must most likely be replaced with
|
||||
* the real name of the parameter for the login page.
|
||||
*/
|
||||
SimpleSAML_Utilities::redirect($authPage, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($authPage, array(
|
||||
'ReturnTo' => $returnTo,
|
||||
));
|
||||
|
||||
|
|
|
@ -136,7 +136,7 @@ class sspmod_expirycheck_Auth_Process_ExpiryDate extends SimpleSAML_Auth_Process
|
|||
$state['netId'] = $netId;
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'expirywarning:about2expire');
|
||||
$url = SimpleSAML_Module::getModuleURL('expirycheck/about2expire.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
|
||||
if (!self::checkDate($expireOnDate)) {
|
||||
|
@ -149,7 +149,7 @@ class sspmod_expirycheck_Auth_Process_ExpiryDate extends SimpleSAML_Auth_Process
|
|||
$state['netId'] = $netId;
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'expirywarning:expired');
|
||||
$url = SimpleSAML_Module::getModuleURL('expirycheck/expired.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -121,7 +121,7 @@ class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
|
|||
$params['source'] = $_GET['source'];
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($url, $params);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, $params);
|
||||
|
||||
/* The previous function never returns, so this code is never
|
||||
executed */
|
||||
|
|
|
@ -94,7 +94,7 @@ class sspmod_oauth_Consumer {
|
|||
}
|
||||
$authorizeURL = SimpleSAML_Utilities::addURLparameter($url, $params);
|
||||
if ($redirect) {
|
||||
SimpleSAML_Utilities::redirect($authorizeURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($authorizeURL);
|
||||
exit;
|
||||
}
|
||||
return $authorizeURL;
|
||||
|
|
|
@ -56,11 +56,11 @@ try {
|
|||
|
||||
if ($url) {
|
||||
// If authorize() returns a URL, take user there (oauth1.0a)
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($url);
|
||||
}
|
||||
else if (isset($_REQUEST['oauth_callback'])) {
|
||||
// If callback was provided in the request (oauth1.0)
|
||||
SimpleSAML_Utilities::redirect($_REQUEST['oauth_callback']);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
|
||||
|
||||
} else {
|
||||
// No callback provided, display standard template
|
||||
|
|
|
@ -123,7 +123,7 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
|
|||
$id = SimpleSAML_Auth_State::saveState($state, 'openid:init');
|
||||
|
||||
$url = SimpleSAML_Module::getModuleURL('openid/consumer.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('AuthState' => $id));
|
||||
}
|
||||
|
||||
|
||||
|
@ -251,7 +251,7 @@ class sspmod_openid_Auth_Source_OpenIDConsumer extends SimpleSAML_Auth_Source {
|
|||
|
||||
// For OpenID 2 failover to POST if redirect URL is longer than 2048
|
||||
if ($should_send_redirect || strlen($redirect_url) <= 2048) {
|
||||
SimpleSAML_Utilities::redirect($redirect_url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($redirect_url);
|
||||
assert('FALSE');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -401,7 +401,7 @@ class sspmod_openidProvider_Server {
|
|||
}
|
||||
|
||||
$trustURL = $this->getStateURL('trust.php', $state);
|
||||
SimpleSAML_Utilities::redirect($trustURL);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($trustURL);
|
||||
}
|
||||
|
||||
if (!$trusted) {
|
||||
|
|
|
@ -15,7 +15,7 @@ if (!$userId && $identity) {
|
|||
* We are accessing the front-page, but are logged in.
|
||||
* Redirect to the correct page.
|
||||
*/
|
||||
SimpleSAML_Utilities::redirect($identity);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($identity);
|
||||
}
|
||||
|
||||
/* Determine whether we are at the users own page. */
|
||||
|
@ -39,7 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
}
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($identity);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($identity);
|
||||
}
|
||||
|
||||
if ($ownPage) {
|
||||
|
|
|
@ -29,7 +29,7 @@ class sspmod_preprodwarning_Auth_Process_Warning extends SimpleSAML_Auth_Process
|
|||
/* Save state and redirect. */
|
||||
$id = SimpleSAML_Auth_State::saveState($state, 'warning:request');
|
||||
$url = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -80,6 +80,6 @@ class sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef extends SimpleSAML_A
|
|||
$id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
|
||||
$url = SimpleSAML_Module::getModuleURL(
|
||||
'saml/sp/wrong_authncontextclassref.php');
|
||||
SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -168,7 +168,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
|
|||
|
||||
SimpleSAML_Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) .
|
||||
' from ' . var_export($this->entityId, TRUE) . '.');
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
}
|
||||
|
||||
|
||||
|
@ -355,7 +355,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
|
|||
$params['isPassive'] = 'true';
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($discoURL, $params);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($discoURL, $params);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ if ($prevAuth !== NULL && $prevAuth['id'] === $response->getId() && $prevAuth['i
|
|||
* instead of displaying a confusing error message.
|
||||
*/
|
||||
SimpleSAML_Logger::info('Duplicate SAML 2 response detected - ignoring the response and redirecting the user to the correct page.');
|
||||
SimpleSAML_Utilities::redirect($prevAuth['redirect']);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($prevAuth['redirect']);
|
||||
}
|
||||
|
||||
$idpMetadata = array();
|
||||
|
|
|
@ -59,7 +59,7 @@ if (isset($_POST['password'])) {
|
|||
else
|
||||
SimpleSAML_Logger::stats('AUTH-login-admin OK');
|
||||
|
||||
SimpleSAML_Utilities::redirect($relaystate);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
|
||||
exit(0);
|
||||
} else {
|
||||
SimpleSAML_Logger::stats('AUTH-login-admin Failed');
|
||||
|
|
|
@ -104,7 +104,7 @@ function casValidate($cas) {
|
|||
*/
|
||||
} else {
|
||||
SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
|
||||
SimpleSAML_Utilities::redirect($cas['login'], array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array(
|
||||
'service' => $service
|
||||
));
|
||||
}
|
||||
|
@ -132,7 +132,7 @@ try {
|
|||
$session->setNameID(array(
|
||||
'value' => SimpleSAML_Utilities::generateID(),
|
||||
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
|
||||
SimpleSAML_Utilities::redirect($relaystate);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
|
||||
|
||||
} catch(Exception $exception) {
|
||||
throw new SimpleSAML_Error_Error('CASERROR', $exception);
|
||||
|
|
|
@ -71,7 +71,7 @@ if (isset($_POST['username'])) {
|
|||
|
||||
|
||||
$returnto = $_REQUEST['RelayState'];
|
||||
SimpleSAML_Utilities::redirect($returnto);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnto);
|
||||
|
||||
} catch (Exception $e) {
|
||||
|
||||
|
|
|
@ -110,7 +110,7 @@ if (isset($_POST['username'])) {
|
|||
|
||||
|
||||
$returnto = $_REQUEST['RelayState'];
|
||||
SimpleSAML_Utilities::redirect($returnto);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnto);
|
||||
|
||||
|
||||
case RADIUS_ACCESS_REJECT:
|
||||
|
|
|
@ -69,7 +69,7 @@ try {
|
|||
|
||||
|
||||
$returnto = $_REQUEST['RelayState'];
|
||||
SimpleSAML_Utilities::redirect($returnto);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnto);
|
||||
|
||||
|
||||
} catch (Exception $e) {
|
||||
|
|
|
@ -59,7 +59,7 @@ if ($username = $_POST['username']) {
|
|||
$session->setNameID(array(
|
||||
'value' => SimpleSAML_Utilities::generateID(),
|
||||
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
|
||||
SimpleSAML_Utilities::redirect($relaystate);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
|
||||
}
|
||||
} catch(Exception $e) {
|
||||
throw new SimpleSAML_Error_Error('LDAPERROR', $e);
|
||||
|
|
|
@ -126,7 +126,7 @@ if (isset($_POST['username'])) {
|
|||
|
||||
|
||||
$returnto = $_REQUEST['RelayState'];
|
||||
SimpleSAML_Utilities::redirect($returnto);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnto);
|
||||
|
||||
|
||||
} catch (Exception $e) {
|
||||
|
|
|
@ -109,7 +109,7 @@ try {
|
|||
$session->registerLogoutHandler('SimpleSAML_AuthMemCookie', 'logoutHandler');
|
||||
|
||||
/* Redirect the user back to this page to signal that the login is completed. */
|
||||
SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURL());
|
||||
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::selfURL());
|
||||
} catch(Exception $e) {
|
||||
throw new SimpleSAML_Error_Error('CONFIG', $e);
|
||||
}
|
||||
|
|
|
@ -99,4 +99,4 @@ if ($config->getBoolean('errorreporting', TRUE) && $toAddress !== 'na@example.or
|
|||
}
|
||||
|
||||
/* Redirect the user back to this page to clear the POST request. */
|
||||
SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery());
|
||||
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::selfURLNoQuery());
|
||||
|
|
|
@ -61,7 +61,7 @@ function handleResponse() {
|
|||
$data['attributes'] = $assertion->getAttributes();
|
||||
$GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);
|
||||
|
||||
SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(),
|
||||
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::selfURLNoQuery(),
|
||||
array('dataId' => $dataId));
|
||||
}
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ $session = SimpleSAML_Session::getInstance();
|
|||
* retrieving attributes from the session.
|
||||
*/
|
||||
if (!$session->isValid('saml2') ) {
|
||||
SimpleSAML_Utilities::redirect(
|
||||
SimpleSAML_Utilities::redirectTrustedURL(
|
||||
'/' . $config->getBaseURL() . 'saml2/sp/initSSO.php',
|
||||
array('RelayState' => SimpleSAML_Utilities::selfURL())
|
||||
);
|
||||
|
|
|
@ -41,7 +41,7 @@ $session = SimpleSAML_Session::getInstance();
|
|||
* retrieving attributes from the session.
|
||||
*/
|
||||
if (!$session->isValid('shib13') ) {
|
||||
SimpleSAML_Utilities::redirect(
|
||||
SimpleSAML_Utilities::redirectTrustedURL(
|
||||
'/' . $config->getBaseURL() . 'shib13/sp/initSSO.php',
|
||||
array('RelayState' => SimpleSAML_Utilities::selfURL())
|
||||
);
|
||||
|
|
|
@ -6,7 +6,7 @@ $config = SimpleSAML_Configuration::getInstance();
|
|||
$session = SimpleSAML_Session::getInstance();
|
||||
|
||||
if (!$session->isValid('wsfed') ) {
|
||||
SimpleSAML_Utilities::redirect(
|
||||
SimpleSAML_Utilities::redirectTrustedURL(
|
||||
'/' . $config->getBaseURL() . 'wsfed/sp/initSSO.php',
|
||||
array('RelayState' => SimpleSAML_Utilities::selfURL())
|
||||
);
|
||||
|
|
|
@ -3,4 +3,4 @@
|
|||
require_once('_include.php');
|
||||
|
||||
|
||||
SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('core/frontpage_welcome.php'));
|
||||
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Module::getModuleURL('core/frontpage_welcome.php'));
|
||||
|
|
|
@ -47,7 +47,7 @@ function finishLogin($authProcState) {
|
|||
global $session;
|
||||
$session->doLogin('saml2', $authData);
|
||||
|
||||
SimpleSAML_Utilities::redirect($authProcState['core:saml20-sp:TargetURL']);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($authProcState['core:saml20-sp:TargetURL']);
|
||||
}
|
||||
|
||||
SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
|
||||
|
@ -116,7 +116,7 @@ try {
|
|||
$status = $response->getStatus();
|
||||
if(array_key_exists('OnError', $info)) {
|
||||
/* We have an error handler. Return the error to it. */
|
||||
SimpleSAML_Utilities::redirect($info['OnError'], array('StatusCode' => $status['Code']));
|
||||
SimpleSAML_Utilities::redirectTrustedURL($info['OnError'], array('StatusCode' => $status['Code']));
|
||||
}
|
||||
|
||||
/* We don't have an error handler. Show an error page. */
|
||||
|
|
|
@ -88,7 +88,7 @@ if ($message instanceof SAML2_LogoutRequest) {
|
|||
throw new SimpleSAML_Error_Error('LOGOUTINFOLOST');
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
|
||||
} else {
|
||||
throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS');
|
||||
|
|
|
@ -25,7 +25,7 @@ try {
|
|||
$idpEntityId = $session->getAuthData('saml2', 'saml:sp:IdP');
|
||||
if ($idpEntityId === NULL) {
|
||||
SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User not authenticated with an IdP.');
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
}
|
||||
$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
|
||||
$SLOendpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
|
||||
|
@ -35,7 +35,7 @@ try {
|
|||
if ($SLOendpoint === NULL) {
|
||||
$session->doLogout('saml2');
|
||||
SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: No supported SingleLogoutService endpoint in IdP.');
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
}
|
||||
|
||||
$spEntityId = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
|
||||
|
|
|
@ -96,7 +96,7 @@ if ($idpentityid === NULL) {
|
|||
|
||||
$extDiscoveryStorage = $config->getBoolean('idpdisco.extDiscoveryStorage');
|
||||
|
||||
SimpleSAML_Utilities::redirect($extDiscoveryStorage, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array(
|
||||
'entityID' => $spentityid,
|
||||
'return' => SimpleSAML_Utilities::addURLparameter($discourl, array(
|
||||
'return' => SimpleSAML_Utilities::selfURL(),
|
||||
|
@ -120,7 +120,7 @@ if ($idpentityid === NULL) {
|
|||
$discoparameters['IDPList'] = $reachableIDPs;
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($discourl, $discoparameters);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
|
||||
}
|
||||
|
||||
|
||||
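Review bot: In the first hunk the redirect target `$extDiscoveryStorage` is read with `$config->getBoolean('idpdisco.extDiscoveryStorage')` and then handed to `redirectTrustedURL()` as a URL. A getter with that name presumably returns or enforces a boolean, which cannot serve as a redirect destination; the accessor's definition is not visible here. If the option holds a URL, it should be read as a string, e.g. `$extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage');`. Treating a configuration value as trusted is reasonable, and a short comment would record that: `/* Target comes from configuration only, never from the request. */`. The enclosing `if` begins outside the hunk.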
|
|
|
@ -34,7 +34,7 @@ function finishLogin($authProcState) {
|
|||
global $session;
|
||||
$session->doLogin('shib13', $authData);
|
||||
|
||||
SimpleSAML_Utilities::redirect($authProcState['core:shib13-sp:TargetURL']);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:shib13-sp:TargetURL']);
|
||||
}
|
||||
|
||||
|
||||
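Review bot: `$authProcState['core:shib13-sp:TargetURL']` is classified as trusted in `finishLogin()`, but nothing in this hunk shows where that state entry is filled. If it carries the TARGET/RelayState value that arrives together with the assertion, it is request-controlled and belongs with the untrusted call, as this commit already does for `$relaystate` in the Shib 1.3 initSSO script: `SimpleSAML_Utilities::redirectUntrustedURL($authProcState['core:shib13-sp:TargetURL']);`. If the value is validated before it is stored in the state, a one-line comment saying so would justify the trusted wrapper. The start of `finishLogin()` lies outside the hunk.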
|
|
|
@ -58,7 +58,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
|
|||
$discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
|
||||
}
|
||||
|
||||
SimpleSAML_Utilities::redirect($discservice, array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($discservice, array(
|
||||
'entityID' => $spentityid,
|
||||
'return' => SimpleSAML_Utilities::selfURL(),
|
||||
'returnIDParam' => 'idpentityid',
|
||||
|
@ -75,7 +75,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
|
|||
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
|
||||
|
||||
$url = $ar->createRedirect($idpentityid);
|
||||
SimpleSAML_Utilities::redirect($url);
|
||||
SimpleSAML_Utilities::redirectTrustedURL($url);
|
||||
|
||||
} catch(Exception $exception) {
|
||||
throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
|
||||
|
@ -88,7 +88,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
|
|||
|
||||
if (isset($relaystate) && !empty($relaystate)) {
|
||||
SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
|
||||
SimpleSAML_Utilities::redirect($relaystate);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
|
||||
} else {
|
||||
throw new SimpleSAML_Error_Error('NORELAYSTATE');
|
||||
}
|
||||
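Review bot: The second hunk marks `$url` as trusted although `$idpentityid` can arrive in the request, since the discovery redirect in the first hunk asks for it back via `'returnIDParam' => 'idpentityid'`. That classification is sound only if `createRedirect()` resolves the entity ID against local metadata and takes the endpoint from there, which is not visible here. A comment above the call would record the assumption: `/* $url is built from IdP metadata; an unknown entity ID must fail inside createRedirect(). */`. The surrounding `try` block starts outside the hunk.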
|
|
|
@ -38,7 +38,7 @@ if (isset($session) ) {
|
|||
|
||||
$idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
|
||||
|
||||
SimpleSAML_Utilities::redirect($idpmeta['prp'], array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
|
||||
'wa' => 'wsignout1.0',
|
||||
'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
|
||||
'wtrealm' => $spentityid,
|
||||
|
@ -53,7 +53,7 @@ if (isset($session) ) {
|
|||
} else {
|
||||
|
||||
SimpleSAML_Logger::info('WS-Fed - SP.initSLO: User is already logged out. Go back to relaystate');
|
||||
SimpleSAML_Utilities::redirect($returnTo);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($returnTo);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ if ($idpentityid == null) {
|
|||
|
||||
SimpleSAML_Logger::info('WS-Fed - SP.initSSO: No chosen or default IdP, go to WSFeddisco');
|
||||
|
||||
SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'wsfed/sp/idpdisco.php', array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'wsfed/sp/idpdisco.php', array(
|
||||
'entityID' => $spentityid,
|
||||
'return' => SimpleSAML_Utilities::selfURL(),
|
||||
'returnIDParam' => 'idpentityid')
|
||||
|
@ -51,7 +51,7 @@ try {
|
|||
$idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
|
||||
$spmeta = $metadata->getMetaData($spentityid, 'wsfed-sp-hosted');
|
||||
|
||||
SimpleSAML_Utilities::redirect($idpmeta['prp'], array(
|
||||
SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
|
||||
'wa' => 'wsignin1.0',
|
||||
'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
|
||||
'wtrealm' => $spentityid,
|
||||
|
|
|
@ -28,7 +28,7 @@ if (!empty($_GET['wa']) and ($_GET['wa'] == 'wsignoutcleanup1.0')) {
|
|||
$session->doLogout('wsfed');
|
||||
}
|
||||
if (!empty($_GET['wreply'])) {
|
||||
SimpleSAML_Utilities::redirect(urldecode($_GET['wreply']));
|
||||
SimpleSAML_Utilities::redirectUntrustedURL(urldecode($_GET['wreply']));
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
@ -147,7 +147,7 @@ try {
|
|||
$session->doLogin('wsfed', $authData);
|
||||
|
||||
/* Redirect the user back to the page which requested the login. */
|
||||
SimpleSAML_Utilities::redirect($wctx);
|
||||
SimpleSAML_Utilities::redirectUntrustedURL($wctx);
|
||||
|
||||
} catch(Exception $exception) {
|
||||
throw new SimpleSAML_Error_Error('PROCESSASSERTION', $exception);
|
||||
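Review bot: In the first hunk `urldecode($_GET['wreply'])` decodes a value that PHP already decoded when it populated `$_GET`, so the wrapper receives a twice-decoded string. A reply URL that contains an encoded `%` or a literal `+` is altered before it is checked and sent, so the destination acted on is no longer the one the client supplied. Pass the parameter through unchanged: `SimpleSAML_Utilities::redirectUntrustedURL($_GET['wreply']);`. The enclosing `if` on `$_GET['wa']` opens outside the hunk.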
|
|