From 2070d0ec14a13d32a9b4887b1ff3c9e768b0375d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Jan 2012 13:11:01 +0000
Subject: [PATCH] Fix two user-assisted cross site scripting attacks.

Thanks to Google Code user timtai1 for notifying us about this problem!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3009 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/core/www/no_cookie.php | 1 +
 www/logout.php | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/core/www/no_cookie.php b/modules/core/www/no_cookie.php
index 211712d6d..a81055a8b 100644
--- a/modules/core/www/no_cookie.php
+++ b/modules/core/www/no_cookie.php
@@ -2,6 +2,7 @@
 
 if (isset($_REQUEST['retryURL'])) {
     $retryURL = (string)$_REQUEST['retryURL'];
+    $retryURL = SimpleSAML_Utilities::normalizeURL($retryURL);
 } else {
     $retryURL = NULL;
 }
diff --git a/www/logout.php b/www/logout.php
index 52b517dd5..53942535e 100644
--- a/www/logout.php
+++ b/www/logout.php
@@ -5,7 +5,8 @@ require_once('_include.php');
 $config = SimpleSAML_Configuration::getInstance();
 
 if(array_key_exists('link_href', $_REQUEST)) {
-    $link = $_REQUEST['link_href'];
+    $link = (string)$_REQUEST['link_href'];
+    $link = SimpleSAML_Utilities::normalizeURL($link);
 } else {
     $link = 'index.php';
 }
-- 
GitLab
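Review bot: The value produced by the new line `$retryURL = SimpleSAML_Utilities::normalizeURL($retryURL);` is still an attacker-chosen absolute URL: if normalizeURL does what its name suggests (resolve against the current request URL and reject non-http(s) schemes), it closes the `javascript:` vector the commit targets but leaves the destination host unconstrained, so a crafted link can still present the user with a "retry" link to a third-party site. Consider comparing the host of the resolved URL with the host of the current request, or an explicit allow-list, and falling back to NULL on mismatch, e.g. `if (parse_url($retryURL, PHP_URL_HOST) !== parse_url(SimpleSAML_Utilities::selfURL(), PHP_URL_HOST)) { $retryURL = NULL; }` (adjust to whatever self-URL helper this version provides). Normalization is not output encoding, so the template that renders $retryURL into an href must still attribute-escape it; the rest of the file is outside the hunk, so I cannot confirm that it does. Note also that `$_REQUEST` may include cookie values depending on request_order, so reading the parameter from `$_GET` would narrow the input surface.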
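Review bot: An empty `link_href=` parameter now takes the first branch and becomes whatever normalizeURL returns for `''` (presumably the current request URL) instead of the `'index.php'` default, which would make the rendered "go back" link point at the logout page itself; treat an empty string like an absent parameter, e.g. `if (isset($_REQUEST['link_href']) && $_REQUEST['link_href'] !== '')`. This read-cast-normalize sequence is also now duplicated almost verbatim in no_cookie.php, with `array_key_exists` here and `isset` there, which is how the two sites diverged before this fix; a single helper in SimpleSAML_Utilities that reads a request parameter, casts it to string, normalizes it and returns a caller-supplied default would keep future return-URL sites consistent. As with the other hunk, the template that emits $link still needs attribute escaping, and the enclosing file continues past the hunk so I cannot verify that here.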