From 2070d0ec14a13d32a9b4887b1ff3c9e768b0375d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Jan 2012 13:11:01 +0000
Subject: [PATCH] Fix two user-assisted cross site scripting attacks.

Thanks to Google Code user timtai1 for notifying us about this
problem!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3009 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/core/www/no_cookie.php | 1 +
 www/logout.php                 | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/core/www/no_cookie.php b/modules/core/www/no_cookie.php
index 211712d6d..a81055a8b 100644
--- a/modules/core/www/no_cookie.php
+++ b/modules/core/www/no_cookie.php
@@ -2,6 +2,7 @@
 
 if (isset($_REQUEST['retryURL'])) {
 	$retryURL = (string)$_REQUEST['retryURL'];
+	$retryURL = SimpleSAML_Utilities::normalizeURL($retryURL);
 } else {
 	$retryURL = NULL;
 }
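Review bot: The added `normalizeURL()` call on `retryURL` appears to validate only the form of the URL (to my knowledge it resolves it to an absolute URL and rejects anything that is not http/https), so the host is still chosen by whoever built the request. The same applies to `link_href` in the www/logout.php hunk. That closes the script-scheme XSS the commit targets, but both pages can still present a link to an arbitrary external site. Consider comparing the normalized URL's host against the installation's own host or a configured allow-list before accepting it, and until then record the limit beside the call, e.g. `/* normalizeURL() checks the scheme only; the host is still request-controlled. */`. The script continues outside the hunk, so the template that receives `$retryURL` is not visible here; it should still HTML-escape the value on output, since normalization does not replace output encoding.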
diff --git a/www/logout.php b/www/logout.php
index 52b517dd5..53942535e 100644
--- a/www/logout.php
+++ b/www/logout.php
@@ -5,7 +5,8 @@ require_once('_include.php');
 $config = SimpleSAML_Configuration::getInstance();
 
 if(array_key_exists('link_href', $_REQUEST)) {
-	$link = $_REQUEST['link_href'];
+	$link = (string)$_REQUEST['link_href'];
+	$link = SimpleSAML_Utilities::normalizeURL($link);
 } else {
 	$link = 'index.php';
 }
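Review bot: The new `(string)` cast on `link_href` does not reject an array-valued parameter. A request that supplies `link_href[]=...` casts to the literal string `Array` with a PHP notice, and that string is then passed to `normalizeURL()` as if it were a relative URL. Guarding the branch with a type check falls back to the default link instead: `if (array_key_exists('link_href', $_REQUEST) && is_string($_REQUEST['link_href'])) {`. The `retryURL` branch in modules/core/www/no_cookie.php has the same cast and would take the same guard. The rest of logout.php lies outside the hunk, so how `$link` is emitted is not visible here.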
-- 
GitLab