lib/SimpleSAML/Session.php · 779442381f9b360610390930509aa4cbc2acea7d · Perun / Perun ProxyIdP / v1 / simplesamlphp

8 years ago

Use AttributeValue serializable objects instead of dumping manually the XML contents. · 6d215c0b

Jaime Pérez authored 8 years ago

This way, we avoid completely any possible XXE attack, and simplify the code as we don't need to deal directly with the DOM. The entire AttributeValue will be saved to the backend as XML, and then recovered back when unserializing.

6d215c0b

History

Use AttributeValue serializable objects instead of dumping manually the XML contents.

Jaime Pérez authored 8 years ago

This way, we avoid completely any possible XXE attack, and simplify the code as we don't need to deal directly with the DOM. The entire AttributeValue will be saved to the backend as XML, and then recovered back when unserializing.

Code owners

Assign users and groups as approvers for specific file changes. Learn more.