From 26ecd93413b6c8fb8a2642f882ad91d83b77c8f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Tue, 28 Jan 2014 00:24:41 +0000
Subject: [PATCH] Fix for bug introduced in r3332.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3336 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SimpleSAML/Auth/ProcessingChain.php | 2 +-
lib/SimpleSAML/Auth/State.php | 12 ++++++------
lib/SimpleSAML/IdP/LogoutTraditional.php | 6 +++---
lib/SimpleSAML/Utilities.php | 12 ++++++++----
modules/InfoCard/lib/Auth/Source/ICAuth.php | 6 +++---
modules/aselect/www/credentials.php | 6 +++---
modules/authYubiKey/lib/Auth/Source/YubiKey.php | 6 +++---
modules/authfacebook/www/linkback.php | 6 +++---
modules/authlinkedin/www/linkback.php | 6 +++---
modules/authmyspace/www/linkback.php | 6 +++---
modules/authorize/www/authorize_403.php | 6 +++---
modules/authtwitter/www/linkback.php | 6 +++---
modules/authwindowslive/www/linkback.php | 6 +++---
modules/cas/www/linkback.php | 6 +++---
modules/cdc/www/resume.php | 6 +++---
modules/consent/www/getconsent.php | 6 +++---
modules/consent/www/logout.php | 6 +++---
modules/consent/www/noconsent.php | 6 +++---
modules/core/lib/Auth/UserPassBase.php | 6 +++---
modules/core/lib/Auth/UserPassOrgBase.php | 12 ++++++------
modules/core/www/idp/logout-iframe-done.php | 6 +++---
modules/core/www/idp/logout-iframe.php | 6 +++---
modules/core/www/idp/resumelogout.php | 6 +++---
modules/core/www/loginuserpass.php | 6 +++---
modules/core/www/loginuserpassorg.php | 6 +++---
modules/core/www/short_sso_interval.php | 6 +++---
modules/exampleauth/lib/Auth/Source/External.php | 6 +++---
modules/exampleauth/www/authpage.php | 6 +++---
modules/exampleauth/www/redirecttest.php | 6 +++---
modules/expirycheck/www/about2expire.php | 6 +++---
modules/expirycheck/www/expired.php | 6 +++---
modules/multiauth/www/selectsource.php | 6 +++---
modules/negotiate/www/backend.php | 6 +++---
modules/negotiate/www/retry.php | 6 +++---
modules/openid/www/consumer.php | 6 +++---
modules/openid/www/linkback.php | 6 +++---
modules/openidProvider/lib/Server.php | 6 +++---
modules/papi/lib/Auth/Source/PAPI.php | 12 ++++++------
modules/preprodwarning/www/showwarning.php | 6 +++---
modules/saml/www/sp/discoresp.php | 6 +++---
modules/saml/www/sp/saml1-acs.php | 6 +++---
modules/saml/www/sp/saml2-acs.php | 6 +++---
modules/saml/www/sp/saml2-logout.php | 6 +++---
www/saml2/sp/AssertionConsumerService.php | 6 +++---
www/shib13/sp/AssertionConsumerService.php | 6 +++---
45 files changed, 147 insertions(+), 143 deletions(-)
diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php
index 2bc624df1..338084058 100644
--- a/lib/SimpleSAML/Auth/ProcessingChain.php
+++ b/lib/SimpleSAML/Auth/ProcessingChain.php
@@ -306,7 +306,7 @@ class SimpleSAML_Auth_ProcessingChain {
* SimpleSAML_Auth_ProcessingChain::AUTHPARAM request parameter. Please
* make sure to sanitize it properly by calling the
* SimpleSAML_Utilities::checkURLAllowed() function with the embedded
- * restart URL, if any. See also SimpleSAML_Utilities::getURLFromStateID().
+ * restart URL, if any. See also SimpleSAML_Utilities::parseStateID().
*/
public static function fetchProcessedState($id) {
assert('is_string($id)');
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 0b74da24c..ccea15f0e 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -211,10 +211,10 @@ class SimpleSAML_Auth_State {
assert('is_bool($allowMissing)');
SimpleSAML_Logger::debug('Loading state: ' . var_export($id, TRUE));
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
+ $sid = SimpleSAML_Utilities::parseStateID($id);
$session = SimpleSAML_Session::getInstance();
- $state = $session->getData('SimpleSAML_Auth_State', $id);
+ $state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
if ($state === NULL) {
/* Could not find saved data. */
@@ -222,11 +222,11 @@ class SimpleSAML_Auth_State {
return NULL;
}
- if ($restartURL === NULL) {
+ if ($sid['url'] === NULL) {
throw new SimpleSAML_Error_NoState();
}
- SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+ SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
}
$state = unserialize($state);
@@ -246,11 +246,11 @@ class SimpleSAML_Auth_State {
SimpleSAML_Logger::warning($msg);
- if ($restartURL === NULL) {
+ if ($sid['url'] === NULL) {
throw new Exception($msg);
}
- SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+ SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
}
return $state;
diff --git a/lib/SimpleSAML/IdP/LogoutTraditional.php b/lib/SimpleSAML/IdP/LogoutTraditional.php
index f9fa132f7..5f934cc61 100644
--- a/lib/SimpleSAML/IdP/LogoutTraditional.php
+++ b/lib/SimpleSAML/IdP/LogoutTraditional.php
@@ -77,9 +77,9 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($relayState);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 096b52b8f..cc42bfcd3 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -345,19 +345,23 @@ class SimpleSAML_Utilities {
/**
- * Get a URL embedded in a StateID, in the form 'id:url'.
+ * Get the ID and (optionally) a URL embedded in a StateID,
+ * in the form 'id:url'.
*
* @param string $stateId The state ID to use.
- * @return string The embedded URL if found, NULL otherwise.
+ * @return array A hashed array with the ID and the URL (if any),
+ * in the 'id' and 'url' keys, respectively. If there's no URL
+ * in the input parameter, NULL will be returned as the value for
+ * the 'url' key.
*/
- public static function getURLFromStateID($stateId) {
+ public static function parseStateID($stateId) {
$tmp = explode(':', $stateId, 2);
$id = $tmp[0];
$url = NULL;
if (count($tmp) === 2) {
$url = $tmp[1];
}
- return $url;
+ return array('id' => $id, 'url' => $url);
}
diff --git a/modules/InfoCard/lib/Auth/Source/ICAuth.php b/modules/InfoCard/lib/Auth/Source/ICAuth.php
index 0b76ed1c0..bfefdabfc 100644
--- a/modules/InfoCard/lib/Auth/Source/ICAuth.php
+++ b/modules/InfoCard/lib/Auth/Source/ICAuth.php
@@ -69,9 +69,9 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/aselect/www/credentials.php b/modules/aselect/www/credentials.php
index dc0afe7e4..bcdd208a3 100644
--- a/modules/aselect/www/credentials.php
+++ b/modules/aselect/www/credentials.php
@@ -13,9 +13,9 @@ function check_credentials() {
$id = $_REQUEST['ssp_state'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($id);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
diff --git a/modules/authYubiKey/lib/Auth/Source/YubiKey.php b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
index 6b1412897..981c64ccb 100644
--- a/modules/authYubiKey/lib/Auth/Source/YubiKey.php
+++ b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
@@ -125,9 +125,9 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
assert('is_string($otp)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/authfacebook/www/linkback.php b/modules/authfacebook/www/linkback.php
index 2305f773d..879e3d222 100644
--- a/modules/authfacebook/www/linkback.php
+++ b/modules/authfacebook/www/linkback.php
@@ -11,9 +11,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$stateID = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT);
diff --git a/modules/authlinkedin/www/linkback.php b/modules/authlinkedin/www/linkback.php
index a169f04ee..e65a8aab6 100644
--- a/modules/authlinkedin/www/linkback.php
+++ b/modules/authlinkedin/www/linkback.php
@@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
diff --git a/modules/authmyspace/www/linkback.php b/modules/authmyspace/www/linkback.php
index 81683c837..4dbaf79ff 100644
--- a/modules/authmyspace/www/linkback.php
+++ b/modules/authmyspace/www/linkback.php
@@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT);
diff --git a/modules/authorize/www/authorize_403.php b/modules/authorize/www/authorize_403.php
index 613fa1034..5152b99ad 100644
--- a/modules/authorize/www/authorize_403.php
+++ b/modules/authorize/www/authorize_403.php
@@ -13,9 +13,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'authorize:Authorize');
diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php
index 0ebea758a..9a397eda6 100644
--- a/modules/authtwitter/www/linkback.php
+++ b/modules/authtwitter/www/linkback.php
@@ -10,9 +10,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$stateID = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
diff --git a/modules/authwindowslive/www/linkback.php b/modules/authwindowslive/www/linkback.php
index ee8452de4..29b8b0d60 100644
--- a/modules/authwindowslive/www/linkback.php
+++ b/modules/authwindowslive/www/linkback.php
@@ -8,9 +8,9 @@ if (array_key_exists('wrap_client_state', $_REQUEST)) {
$stateId = $_REQUEST['wrap_client_state'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT);
diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php
index 8fe43e2f5..473c44b48 100644
--- a/modules/cas/www/linkback.php
+++ b/modules/cas/www/linkback.php
@@ -14,9 +14,9 @@ if (!isset($_GET['ticket'])) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT);
diff --git a/modules/cdc/www/resume.php b/modules/cdc/www/resume.php
index 549be2288..8d7258dc9 100644
--- a/modules/cdc/www/resume.php
+++ b/modules/cdc/www/resume.php
@@ -18,9 +18,9 @@ if (!isset($response['id'])) {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($response['id']);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($response['id']);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($response['id'], 'cdc:resume');
diff --git a/modules/consent/www/getconsent.php b/modules/consent/www/getconsent.php
index 3e3081702..babbf46cd 100644
--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -33,9 +33,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/consent/www/logout.php b/modules/consent/www/logout.php
index 1e464294a..a5f7cf641 100644
--- a/modules/consent/www/logout.php
+++ b/modules/consent/www/logout.php
@@ -12,9 +12,9 @@ if (!array_key_exists('StateId', $_GET)) {
$id = (string)$_GET['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/consent/www/noconsent.php b/modules/consent/www/noconsent.php
index 37b592011..2b975856d 100644
--- a/modules/consent/www/noconsent.php
+++ b/modules/consent/www/noconsent.php
@@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php
index c7ff0bebe..f734d4331 100644
--- a/modules/core/lib/Auth/UserPassBase.php
+++ b/modules/core/lib/Auth/UserPassBase.php
@@ -198,9 +198,9 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
assert('is_string($password)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Here we retrieve the state array we saved in the authenticate-function. */
diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php
index 9c7af9731..3e57e4a79 100644
--- a/modules/core/lib/Auth/UserPassOrgBase.php
+++ b/modules/core/lib/Auth/UserPassOrgBase.php
@@ -210,9 +210,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
assert('is_string($organization)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
@@ -264,9 +264,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
assert('is_string($authStateId)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authStateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/idp/logout-iframe-done.php b/modules/core/www/idp/logout-iframe-done.php
index 62539988b..fe69f4007 100644
--- a/modules/core/www/idp/logout-iframe-done.php
+++ b/modules/core/www/idp/logout-iframe-done.php
@@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
$id = (string)$_REQUEST['id'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
diff --git a/modules/core/www/idp/logout-iframe.php b/modules/core/www/idp/logout-iframe.php
index 53cdcfc94..07a472db0 100644
--- a/modules/core/www/idp/logout-iframe.php
+++ b/modules/core/www/idp/logout-iframe.php
@@ -20,9 +20,9 @@ if ($type !== 'embed' && $type !== 'async') {
}
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
diff --git a/modules/core/www/idp/resumelogout.php b/modules/core/www/idp/resumelogout.php
index f93c8e968..0077909f5 100644
--- a/modules/core/www/idp/resumelogout.php
+++ b/modules/core/www/idp/resumelogout.php
@@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) {
$id = (string)$_REQUEST['id'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout:afterbridge');
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index cda363b40..6a2dc9718 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index abd9a532e..3e5b9fe35 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/core/www/short_sso_interval.php b/modules/core/www/short_sso_interval.php
index e9e5b159d..3a44634b8 100644
--- a/modules/core/www/short_sso_interval.php
+++ b/modules/core/www/short_sso_interval.php
@@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index 53818e9b2..256a3dec3 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -187,9 +187,9 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
$stateId = (string)$_REQUEST['State'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/*
diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php
index bcd01b8d4..91ff79170 100644
--- a/modules/exampleauth/www/authpage.php
+++ b/modules/exampleauth/www/authpage.php
@@ -33,9 +33,9 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
$stateId = urldecode($matches[1]);
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
diff --git a/modules/exampleauth/www/redirecttest.php b/modules/exampleauth/www/redirecttest.php
index c6d4fb86e..8a38fc4a4 100644
--- a/modules/exampleauth/www/redirecttest.php
+++ b/modules/exampleauth/www/redirecttest.php
@@ -15,9 +15,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'exampleauth:redirectfilter-test');
diff --git a/modules/expirycheck/www/about2expire.php b/modules/expirycheck/www/about2expire.php
index 487b3f8df..671700503 100644
--- a/modules/expirycheck/www/about2expire.php
+++ b/modules/expirycheck/www/about2expire.php
@@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:about2expire');
diff --git a/modules/expirycheck/www/expired.php b/modules/expirycheck/www/expired.php
index 5ec7b93a1..4279f3e6e 100644
--- a/modules/expirycheck/www/expired.php
+++ b/modules/expirycheck/www/expired.php
@@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:expired');
diff --git a/modules/multiauth/www/selectsource.php b/modules/multiauth/www/selectsource.php
index afa28ed50..de278437c 100644
--- a/modules/multiauth/www/selectsource.php
+++ b/modules/multiauth/www/selectsource.php
@@ -17,9 +17,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) {
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
diff --git a/modules/negotiate/www/backend.php b/modules/negotiate/www/backend.php
index 347ce8dc9..a3924ab40 100644
--- a/modules/negotiate/www/backend.php
+++ b/modules/negotiate/www/backend.php
@@ -12,9 +12,9 @@
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
diff --git a/modules/negotiate/www/retry.php b/modules/negotiate/www/retry.php
index 858b83678..1f75c61d6 100644
--- a/modules/negotiate/www/retry.php
+++ b/modules/negotiate/www/retry.php
@@ -12,9 +12,9 @@
$authStateId = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authStateId);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
index 0f8067c0e..63f83a3e9 100644
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
@@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$authState = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authState);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:init');
diff --git a/modules/openid/www/linkback.php b/modules/openid/www/linkback.php
index 6108ca73e..aa938cca3 100644
--- a/modules/openid/www/linkback.php
+++ b/modules/openid/www/linkback.php
@@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState']))
$authState = $_REQUEST['AuthState'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($authState);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth');
diff --git a/modules/openidProvider/lib/Server.php b/modules/openidProvider/lib/Server.php
index 956a7e4b8..b49223d35 100644
--- a/modules/openidProvider/lib/Server.php
+++ b/modules/openidProvider/lib/Server.php
@@ -330,9 +330,9 @@ class sspmod_openidProvider_Server {
assert('is_string($stateId)');
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
return SimpleSAML_Auth_State::loadState($stateId, 'openidProvider:resumeState');
diff --git a/modules/papi/lib/Auth/Source/PAPI.php b/modules/papi/lib/Auth/Source/PAPI.php
index c07409346..d9c39b61c 100644
--- a/modules/papi/lib/Auth/Source/PAPI.php
+++ b/modules/papi/lib/Auth/Source/PAPI.php
@@ -117,9 +117,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
$this->_stateId = (string)$_REQUEST['SSPStateID'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
@@ -170,9 +170,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
$this->_stateId = (string)$_REQUEST['SSPStateID'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
diff --git a/modules/preprodwarning/www/showwarning.php b/modules/preprodwarning/www/showwarning.php
index 2c50860dd..1c4c6aa19 100644
--- a/modules/preprodwarning/www/showwarning.php
+++ b/modules/preprodwarning/www/showwarning.php
@@ -17,9 +17,9 @@ if (!array_key_exists('StateId', $_REQUEST)) {
$id = $_REQUEST['StateId'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($id);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'warning:request');
diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php
index 1479f8a42..5d6d55bb7 100644
--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -15,9 +15,9 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
$stateID = $_REQUEST['AuthID'];
// sanitize the input
-$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
-if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+$sid = SimpleSAML_Utilities::parseStateID($stateID);
+if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index d9a594c5e..95cc91b58 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -32,9 +32,9 @@ if (preg_match('@^https?://@i', $target)) {
$stateID = $_REQUEST['TARGET'];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateID);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 09723b642..dc0375834 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -54,9 +54,9 @@ $stateId = $response->getInResponseTo();
if (!empty($stateId)) {
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($stateId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* This is a response to a request we sent earlier. */
diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 5d3602433..950f3b008 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -55,9 +55,9 @@ if ($message instanceof SAML2_LogoutResponse) {
}
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($relayState);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent');
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index c7dc96f29..b55fc97be 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -61,9 +61,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authProcId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index bc5a4368c..6d04f8ca1 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -49,9 +49,9 @@ if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
$authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
// sanitize the input
- $restartURL = SimpleSAML_Utilities::getURLFromStateID($authProcId);
- if (!is_null($restartURL)) {
- SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ $sid = SimpleSAML_Utilities::parseStateID($authProcId);
+ if (!is_null($sid['url'])) {
+ SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
--
GitLab