From 1397e0f73b1317e4099317437632518029963264 Mon Sep 17 00:00:00 2001
From: Andjelko Horvat <comel@vingd.com>
Date: Fri, 29 Jul 2011 07:52:46 +0000
Subject: [PATCH] SAML2_HTTPPost::send: use SimpleSAML_Utilities::postRedirect
 (issue 417).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2877 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/HTTPPost.php | 30 ++++--------------------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/lib/SAML2/HTTPPost.php b/lib/SAML2/HTTPPost.php
index fc98537f4..951a88a8e 100644
--- a/lib/SAML2/HTTPPost.php
+++ b/lib/SAML2/HTTPPost.php
@@ -30,7 +30,6 @@ class SAML2_HTTPPost extends SAML2_Binding {
 		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
 
 		$msgStr = base64_encode($msgStr);
-		$msgStr = htmlspecialchars($msgStr);
 
 		if ($message instanceof SAML2_Request) {
 			$msgType = 'SAMLRequest';
@@ -38,35 +37,14 @@ class SAML2_HTTPPost extends SAML2_Binding {
 			$msgType = 'SAMLResponse';
 		}
 
-		$destination = htmlspecialchars($destination);
+		$post = array();
+		$post[$msgType] = $msgStr;
 
 		if ($relayState !== NULL) {
-			$relayState = '<input type="hidden" name="RelayState" value="' . htmlspecialchars($relayState) . '">';
-		} else {
-			$relayState = '';
+			$post['RelayState'] = $relayState;
 		}
 
-		$out = <<<END
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<title>POST data</title>
-</head>
-<body onload="document.forms[0].submit()">
-<noscript>
-<p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p>
-</noscript>
-<form method="post" action="$destination">
-<input type="hidden" name="$msgType" value="$msgStr" />
-$relayState
-<noscript><input type="submit" value="Submit" /></noscript>
-</form>
-</body>
-</html>
-END;
-		echo($out);
-		exit(0);
+		SimpleSAML_Utilities::postRedirect($destination, $post);
 	}
 
 
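Review bot: After this change `send()` escapes nothing itself: `$destination`, the base64 message and `$relayState` reach `SimpleSAML_Utilities::postRedirect()` raw, so HTML escaping of the form action and hidden fields is entirely that helper's job, and its body is not part of this diff. RelayState is typically carried over from the incoming request, so it is worth confirming that the helper escapes the destination and both the keys and values of `$post`. I would record the contract above the call, e.g. `// postRedirect() HTML-escapes $destination and $post; pass raw values, do not pre-escape.` The removed code also ended with `exit(0)`; if `postRedirect()` can return, `send()` now falls through to its caller, so the comment should also state that the helper does not return. `send()` begins above this hunk.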
-- 
GitLab