diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php
index 2bc624df19a560449e4745efba61fd3fb1a1db93..338084058d9e727def9c08aed653aeb65707c258 100644
--- a/lib/SimpleSAML/Auth/ProcessingChain.php
+++ b/lib/SimpleSAML/Auth/ProcessingChain.php
@@ -306,7 +306,7 @@ class SimpleSAML_Auth_ProcessingChain {
* SimpleSAML_Auth_ProcessingChain::AUTHPARAM request parameter. Please
* make sure to sanitize it properly by calling the
* SimpleSAML_Utilities::checkURLAllowed() function with the embedded
- * restart URL, if any. See also SimpleSAML_Utilities::getURLFromStateID().
+ * restart URL, if any. See also SimpleSAML_Utilities::parseStateID().
*/
public static function fetchProcessedState($id) {
assert('is_string($id)');
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 0b74da24c533a9ec61259bd20b6c81f74d0f4486..ccea15f0ec1059cb49ced833831dbde3dedd76c5 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -211,10 +211,10 @@ class SimpleSAML_Auth_State {
assert('is_bool($allowMissing)');
SimpleSAML_Logger::debug('Loading state: ' . var_export($id, TRUE));
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
+ $sid = SimpleSAML_Utilities::parseStateID($id);
$session = SimpleSAML_Session::getInstance();
- $state = $session->getData('SimpleSAML_Auth_State', $id);
+ $state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
if ($state === NULL) {
/* Could not find saved data. */
@@ -222,11 +222,11 @@ class SimpleSAML_Auth_State {
return NULL;
}
- if ($restartURL === NULL) {
+ if ($sid['url'] === NULL) {
throw new SimpleSAML_Error_NoState();
}
- SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+ SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
}
$state = unserialize($state);
@@ -246,11 +246,11 @@ class SimpleSAML_Auth_State {
SimpleSAML_Logger::warning($msg);
- if ($restartURL === NULL) {
+ if ($sid['url'] === NULL) {
throw new Exception($msg);
}
- SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+ SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
}
return $state;
diff --git a/lib/SimpleSAML/IdP/LogoutTraditional.php b/lib/SimpleSAML/IdP/LogoutTraditional.php
index f9fa132f7ae9440421863a982a4e870f3e258f19..5f934cc61a326e9556fbc16c2d86c5b22d0e43fd 100644
--- a/lib/SimpleSAML/IdP/LogoutTraditional.php
+++ b/lib/SimpleSAML/IdP/LogoutTraditional.php
@@ -77,9 +77,9 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($relayState);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 096b52b8f1b9e5c20ab436e76736aaaa1f7d6ab7..cc42bfcd34e7df70b4473c199a3b967e86a40520 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -345,19 +345,23 @@ class SimpleSAML_Utilities {
/**
- * Get a URL embedded in a StateID, in the form 'id:url'.
+ * Get the ID and (optionally) a URL embedded in a StateID,
+ * in the form 'id:url'.
*
* @param string $stateId The state ID to use.
- * @return string The embedded URL if found, NULL otherwise.
+ * @return array A hashed array with the ID and the URL (if any),
+ * in the 'id' and 'url' keys, respectively. If there's no URL
+ * in the input parameter, NULL will be returned as the value for
+ * the 'url' key.
*/
- public static function getURLFromStateID($stateId) {
+ public static function parseStateID($stateId) {
$tmp = explode(':', $stateId, 2);
$id = $tmp[0];
$url = NULL;
if (count($tmp) === 2) {
$url = $tmp[1];
}
- return $url;
+ return array('id' => $id, 'url' => $url);
}
diff --git a/modules/InfoCard/lib/Auth/Source/ICAuth.php b/modules/InfoCard/lib/Auth/Source/ICAuth.php
index 0b76ed1c08b03ebf4500741de0dd58440e68ba7e..bfefdabfcb5b6e172a19879999ca1017e7b77e0a 100644
--- a/modules/InfoCard/lib/Auth/Source/ICAuth.php
+++ b/modules/InfoCard/lib/Auth/Source/ICAuth.php
@@ -69,9 +69,9 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/aselect/www/credentials.php b/modules/aselect/www/credentials.php
index dc0afe7e4bde51319df8d0de887d9fc6c9d93bd5..bcdd208a38ae8412b8c3d6f0148c47aa263f27ec 100644
--- a/modules/aselect/www/credentials.php
+++ b/modules/aselect/www/credentials.php
@@ -13,9 +13,9 @@ function check_credentials() {
$id = $_REQUEST['ssp_state'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($id);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
diff --git a/modules/authYubiKey/lib/Auth/Source/YubiKey.php b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
index 6b14128974a15b0ee6fe092ae48443c8164fb998..981c64ccbd85cec0fa332e2a4601d89a47be8d21 100644
--- a/modules/authYubiKey/lib/Auth/Source/YubiKey.php
+++ b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
@@ -125,9 +125,9 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
assert('is_string($otp)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/authfacebook/www/linkback.php b/modules/authfacebook/www/linkback.php
index 2305f773dbe96eb5aad664437b729534d55e74c2..879e3d2225ffb89003c740eef02a6636d7cf7972 100644
--- a/modules/authfacebook/www/linkback.php
+++ b/modules/authfacebook/www/linkback.php
@@ -11,9 +11,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$stateID = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT);
diff --git a/modules/authlinkedin/www/linkback.php b/modules/authlinkedin/www/linkback.php
index a169f04ee17532fd329e3e72b9c3deb3e3390f3a..e65a8aab67e8b1e2eca3ebdd6d250a81fa2ee2a6 100644
--- a/modules/authlinkedin/www/linkback.php
+++ b/modules/authlinkedin/www/linkback.php
@@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
diff --git a/modules/authmyspace/www/linkback.php b/modules/authmyspace/www/linkback.php
index 81683c8373f45b93fcc2b44d4639405881ff1dfe..4dbaf79ff0290577e37dd6be7d9f4eb44adea78e 100644
--- a/modules/authmyspace/www/linkback.php
+++ b/modules/authmyspace/www/linkback.php
@@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT);
diff --git a/modules/authorize/www/authorize_403.php b/modules/authorize/www/authorize_403.php
index 613fa1034aa5026e79d28b961b0bc58a10f5acf7..5152b99ad4b9c70f77ce72844489224bd9726f4b 100644
--- a/modules/authorize/www/authorize_403.php
+++ b/modules/authorize/www/authorize_403.php
@@ -13,9 +13,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'authorize:Authorize');
diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php
index 0ebea758af5b6061e57fd95cd2be340eef5ce9a5..9a397eda66882fab36887d50116923d5c798e583 100644
--- a/modules/authtwitter/www/linkback.php
+++ b/modules/authtwitter/www/linkback.php
@@ -10,9 +10,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$stateID = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
diff --git a/modules/authwindowslive/www/linkback.php b/modules/authwindowslive/www/linkback.php
index ee8452de461c5b11ab54beb1d561ed6e2a59c0ea..29b8b0d6077ec36d90e6b59d9c8d1ac9452222b8 100644
--- a/modules/authwindowslive/www/linkback.php
+++ b/modules/authwindowslive/www/linkback.php
@@ -8,9 +8,9 @@ if (array_key_exists('wrap_client_state', $_REQUEST)) {
$stateId = $_REQUEST['wrap_client_state'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT);
diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php
index 8fe43e2f50bac1452d63f2280f8545b392a7621b..473c44b4813ccb7af431ac00dc76f672ab7c58e6 100644
--- a/modules/cas/www/linkback.php
+++ b/modules/cas/www/linkback.php
@@ -14,9 +14,9 @@ if (!isset($_GET['ticket'])) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT);
diff --git a/modules/cdc/www/resume.php b/modules/cdc/www/resume.php
index 549be22885b8999aa4fe65b270898f01a4a07fbe..8d7258dc9976403f0b15f9b25052867910ddf35d 100644
--- a/modules/cdc/www/resume.php
+++ b/modules/cdc/www/resume.php
@@ -18,9 +18,9 @@ if (!isset($response['id'])) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($response['id']);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($response['id']);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($response['id'], 'cdc:resume');
diff --git a/modules/consent/www/getconsent.php b/modules/consent/www/getconsent.php
index 3e30817022f73720206f32b872fa58ae1a49c2d1..babbf46cd8477a5d64eef3cd27608ee7680d175f 100644
--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -33,9 +33,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/consent/www/logout.php b/modules/consent/www/logout.php
index 1e464294a1cc4089903d5e598a3e45c187a68c95..a5f7cf641d24fec0930d302cf34029529d987e9f 100644
--- a/modules/consent/www/logout.php
+++ b/modules/consent/www/logout.php
@@ -12,9 +12,9 @@ if (!array_key_exists('StateId', $_GET)) {
$id = (string)$_GET['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/consent/www/noconsent.php b/modules/consent/www/noconsent.php
index 37b5920117a250715eaf794232ef29522561d12d..2b975856d13ea3a2011e276e0fbbe3ec088d600d 100644
--- a/modules/consent/www/noconsent.php
+++ b/modules/consent/www/noconsent.php
@@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php
index c7ff0bebebaf068296a33793c4d2aa1ee038d878..f734d4331e8ed798c9f3e944d440a3ad4a71b9d2 100644
--- a/modules/core/lib/Auth/UserPassBase.php
+++ b/modules/core/lib/Auth/UserPassBase.php
@@ -198,9 +198,9 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
assert('is_string($password)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Here we retrieve the state array we saved in the authenticate-function. */
diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php
index 9c7af9731f17ea33bbf7f28864e6db8612e606ff..3e57e4a799cd164916808587a863ce8c8d68a8ea 100644
--- a/modules/core/lib/Auth/UserPassOrgBase.php
+++ b/modules/core/lib/Auth/UserPassOrgBase.php
@@ -210,9 +210,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
assert('is_string($organization)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
@@ -264,9 +264,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
assert('is_string($authStateId)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/idp/logout-iframe-done.php b/modules/core/www/idp/logout-iframe-done.php
index 62539988b6f5d08a8d01f40e4077e13aa7f69799..fe69f40076e4e2e1d4a7bd694de316c56dc338c0 100644
--- a/modules/core/www/idp/logout-iframe-done.php
+++ b/modules/core/www/idp/logout-iframe-done.php
@@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
$id = (string)$_REQUEST['id'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
diff --git a/modules/core/www/idp/logout-iframe.php b/modules/core/www/idp/logout-iframe.php
index 53cdcfc94f564062204dde3bab462c4cf6721f6f..07a472db04fe6860ae9422f724398dc0307969e7 100644
--- a/modules/core/www/idp/logout-iframe.php
+++ b/modules/core/www/idp/logout-iframe.php
@@ -20,9 +20,9 @@ if ($type !== 'embed' && $type !== 'async') {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
diff --git a/modules/core/www/idp/resumelogout.php b/modules/core/www/idp/resumelogout.php
index f93c8e968365e40dac78e8650c19cab765e67f1e..0077909f57c9af25a94ad6fe81ce2611b036a377 100644
--- a/modules/core/www/idp/resumelogout.php
+++ b/modules/core/www/idp/resumelogout.php
@@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
$id = (string)$_REQUEST['id'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout:afterbridge');
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index cda363b4015e35804d89cc55546b5c0d98919b41..6a2dc9718dddecc29907389bf145d65da67fb3cb 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index abd9a532e563c6bf30d2117ccb4682bf22a2ff77..3e5b9fe35c25c8e5b5d1ab0acd0b1fa53dc0513b 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/short_sso_interval.php b/modules/core/www/short_sso_interval.php
index e9e5b159dd65fff01b4eabf2b86b4c8b3e9495a4..3a44634b838683b00969066ecfbe40d44b0e21c1 100644
--- a/modules/core/www/short_sso_interval.php
+++ b/modules/core/www/short_sso_interval.php
@@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index 53818e9b20fc2a1961797825187d24b11b7ecc70..256a3dec3eff93f48145636b1ef939083484a88b 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -187,9 +187,9 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
$stateId = (string)$_REQUEST['State'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/*
diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php
index bcd01b8d4126fa51b821a37ee7b4418469500cab..91ff7917017d12f703eba6791616173d751a7213 100644
--- a/modules/exampleauth/www/authpage.php
+++ b/modules/exampleauth/www/authpage.php
@@ -33,9 +33,9 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
$stateId = urldecode($matches[1]);
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
diff --git a/modules/exampleauth/www/redirecttest.php b/modules/exampleauth/www/redirecttest.php
index c6d4fb86e1aa94d0179f429607e39d9adb06d34b..8a38fc4a40be3f4ad29c9998ee6c1f9910b76662 100644
--- a/modules/exampleauth/www/redirecttest.php
+++ b/modules/exampleauth/www/redirecttest.php
@@ -15,9 +15,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'exampleauth:redirectfilter-test');
diff --git a/modules/expirycheck/www/about2expire.php b/modules/expirycheck/www/about2expire.php
index 487b3f8dffc8679e396c7e2ad3d9a30f86f4a548..671700503151dda0727ab6d7ac16476e9bb4f342 100644
--- a/modules/expirycheck/www/about2expire.php
+++ b/modules/expirycheck/www/about2expire.php
@@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:about2expire');
diff --git a/modules/expirycheck/www/expired.php b/modules/expirycheck/www/expired.php
index 5ec7b93a10505faa1d8299ae99f0734ccb742f45..4279f3e6ef0aba4c35adceece757960fc3be6012 100644
--- a/modules/expirycheck/www/expired.php
+++ b/modules/expirycheck/www/expired.php
@@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:expired');
diff --git a/modules/multiauth/www/selectsource.php b/modules/multiauth/www/selectsource.php
index afa28ed50d7a39acc49fa0f1288bfcf3328c75f3..de278437c4f1e03b21d8303b479d9146020ae4e4 100644
--- a/modules/multiauth/www/selectsource.php
+++ b/modules/multiauth/www/selectsource.php
@@ -17,9 +17,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/negotiate/www/backend.php b/modules/negotiate/www/backend.php
index 347ce8dc9689584df7c9b9c50778c4c0275c6315..a3924ab40c2653b6cc09b544950fdeb7b8e869cc 100644
--- a/modules/negotiate/www/backend.php
+++ b/modules/negotiate/www/backend.php
@@ -12,9 +12,9 @@
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
diff --git a/modules/negotiate/www/retry.php b/modules/negotiate/www/retry.php
index 858b8367875a3d4e8d317d3dc2128de69c520546..1f75c61d60c5d9988f083b9adff3b1d4c07e8e91 100644
--- a/modules/negotiate/www/retry.php
+++ b/modules/negotiate/www/retry.php
@@ -12,9 +12,9 @@
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
index 0f8067c0e95276c4353883f2cfa72ed1d009fb4b..63f83a3e907abfd4c378b02e09bd181df5c26d4e 100644
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
@@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$authState = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authState);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:init');
diff --git a/modules/openid/www/linkback.php b/modules/openid/www/linkback.php
index 6108ca73e3ff53268acad343eb2272de1738e0df..aa938cca34f458d86cdc079cf50d6a60560f69ed 100644
--- a/modules/openid/www/linkback.php
+++ b/modules/openid/www/linkback.php
@@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$authState = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authState);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth');
diff --git a/modules/openidProvider/lib/Server.php b/modules/openidProvider/lib/Server.php
index 956a7e4b80e94ff5d28cb02a4e2b505d1db48793..b49223d353cac05aef1ccc3385ebc93e38518a43 100644
--- a/modules/openidProvider/lib/Server.php
+++ b/modules/openidProvider/lib/Server.php
@@ -330,9 +330,9 @@ class sspmod_openidProvider_Server {
assert('is_string($stateId)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
return SimpleSAML_Auth_State::loadState($stateId, 'openidProvider:resumeState');
diff --git a/modules/papi/lib/Auth/Source/PAPI.php b/modules/papi/lib/Auth/Source/PAPI.php
index c074093460763cee6db69cb07fdd343185f9b941..d9c39b61c2badfdb9afb3e4e5e2498c886b800c6 100644
--- a/modules/papi/lib/Auth/Source/PAPI.php
+++ b/modules/papi/lib/Auth/Source/PAPI.php
@@ -117,9 +117,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
$this->_stateId = (string)$_REQUEST['SSPStateID'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
@@ -170,9 +170,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
$this->_stateId = (string)$_REQUEST['SSPStateID'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
diff --git a/modules/preprodwarning/www/showwarning.php b/modules/preprodwarning/www/showwarning.php
index 2c50860dd7a933d891115af6998751fe7c3f486d..1c4c6aa19529839b6ce1f216066100df095b7b69 100644
--- a/modules/preprodwarning/www/showwarning.php
+++ b/modules/preprodwarning/www/showwarning.php
@@ -17,9 +17,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'warning:request');
diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php
index 1479f8a42b8d7fb95e17c1255e6a7590e7f74401..5d6d55bb7b0b12be7d0999ff638f24f8ada4a65d 100644
--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -15,9 +15,9 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
$stateID = $_REQUEST['AuthID'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index d9a594c5ef90f8b2fec969074be8d90e41548183..95cc91b58df646d5916f0de427908a2b1b575b49 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -32,9 +32,9 @@ if (preg_match('@^https?://@i', $target)) {
$stateID = $_REQUEST['TARGET'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateID);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 09723b64235cab45fbd49d67ea94b819de6d99f8..dc0375834aa2a1efe4485d767e21949fbc80083b 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -54,9 +54,9 @@ $stateId = $response->getInResponseTo();
if (!empty($stateId)) {
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* This is a response to a request we sent earlier. */
diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 5d360243338c93e0a45a2653a87ebe51c894e6a3..950f3b008ba4036aff2cc33a468b4dc456a0d432 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -55,9 +55,9 @@ if ($message instanceof SAML2_LogoutResponse) {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($relayState);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent');
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index c7dc96f29034204b7502c5e8b0558355d3806bcd..b55fc97be99a86e189ab34872979bb5f4e9d06d2 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -61,9 +61,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authProcId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index bc5a4368ca3683205dd675c4286f71cfb867af67..6d04f8ca1c3606b51733069d638db29df13aede6 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -49,9 +49,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authProcId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);