diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 281b83f9219d9fd4d04fb91830da1169ae2fcdde..eaa00a28af8348219f9ea2a5cc3389f0eef05843 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -21,11 +21,11 @@ class SimpleSAML_Auth_Default {
 * @param string|array $return The URL or function we should direct the
 * user to after authentication. If using a URL obtained from user input,
 * please make sure to check it by calling
- * SimpleSAML_Utilities::checkURLAllowed().
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed().
 * @param string|NULL $errorURL The URL we should direct the user to after
 * failed authentication. Can be NULL, in which case a standard error page
 * will be shown. If using a URL obtained from user input, please make sure
- * to check it by calling SimpleSAML_Utilities::checkURLAllowed().
+ * to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
 * @param array $params Extra information about the login. Different
 * authentication requestors may provide different information. Optional,
 * will default to an empty array.
@@ -146,7 +146,7 @@ class SimpleSAML_Auth_Default {
 * @param string $returnURL The URL we should redirect the user to after
 * logging out. No checking is performed on the URL, so make sure to verify
 * it on beforehand if the URL is obtained from user input. Refer to
- * SimpleSAML_Utilities::checkURLAllowed() for more information.
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information.
 * @param string $authority The authentication source we are logging
 * out from.
 */
@@ -181,7 +181,7 @@ class SimpleSAML_Auth_Default {
 * @param string $returnURL The URL we should redirect the user to after
 * logging out. No checking is performed on the URL, so make sure to verify
 * it on beforehand if the URL is obtained from user input. Refer to
- * SimpleSAML_Utilities::checkURLAllowed() for more information.
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information.
 * @param string|NULL $authority The authentication source we are logging
 * out from.
 * @return void This function never returns.
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 586f4cda5991f142fd8a25668c42c1438e3569a1..0c9c4f9fdbf9a05a90822d2b58019e9b24ee381b 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -102,45 +102,10 @@ class SimpleSAML_Utilities {
 /**
- * Check if a URL is valid and is in our list of allowed URLs.
- *
- * @param string $url The URL to check.
- * @param array $trustedSites An optional white list of domains. If none specified, the 'trusted.url.domains'
- * configuration directive will be used.
- * @return string The normalized URL itself if it is allowed. An empty string if the $url parameter is empty as
- * defined by the empty() function.
- * @throws SimpleSAML_Error_Exception if the URL is malformed or is not allowed by configuration.
+ * @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Utils\HTTP::checkURLAllowed() instead.
 */
 public static function checkURLAllowed($url, array $trustedSites = NULL) {
- if (empty($url)) {
- return '';
- }
- $url = self::normalizeURL($url);
-
- // get the white list of domains
- if ($trustedSites === NULL) {
- $trustedSites = SimpleSAML_Configuration::getInstance()->getArray('trusted.url.domains', NULL);
- if ($trustedSites === NULL) {
- $trustedSites = SimpleSAML_Configuration::getInstance()->getArray('redirect.trustedsites', NULL);
- }
- }
-
- // validates the URL's host is among those allowed
- if ($trustedSites !== NULL) {
- assert(is_array($trustedSites));
- preg_match('@^https?://([^/]+)@i', $url, $matches);
- $hostname = $matches[1];
-
- // add self host to the white list
- $self_host = self::getSelfHost();
- $trustedSites[] = $self_host;
-
- /* Throw exception due to redirection to untrusted site */
- if (!in_array($hostname, $trustedSites)) {
- throw new SimpleSAML_Error_Exception('URL not allowed: '.$url);
- }
- }
- return $url;
+ return \SimpleSAML\Utils\HTTP::checkURLAllowed($url, $trustedSites);
 }
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 81e2d451a0b04d3a3dbe2015fbcf614b9973ca9f..beef3fd1670959a15ecd080021fb082b0f883c59 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -258,6 +258,54 @@ class HTTP
 }
+ /**
+ * Check if a URL is valid and is in our list of allowed URLs.
+ *
+ * @param string $url The URL to check.
+ * @param array $trustedSites An optional white list of domains. If none specified, the 'trusted.url.domains'
+ * configuration directive will be used.
+ *
+ * @return string The normalized URL itself if it is allowed. An empty string if the $url parameter is empty as
+ * defined by the empty() function.
+ * @throws \SimpleSAML_Error_Exception if the URL is malformed or is not allowed by configuration.
+ *
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function checkURLAllowed($url, array $trustedSites = null)
+ {
+ if (empty($url)) {
+ return '';
+ }
+ $url = self::normalizeURL($url);
+
+ // get the white list of domains
+ if ($trustedSites === null) {
+ $trustedSites = \SimpleSAML_Configuration::getInstance()->getArray('trusted.url.domains', null);
+ // TODO: remove this before 2.0
+ if ($trustedSites === null) {
+ $trustedSites = \SimpleSAML_Configuration::getInstance()->getArray('redirect.trustedsites', null);
+ }
+ }
+
+ // validates the URL's host is among those allowed
+ if ($trustedSites !== null) {
+ assert(is_array($trustedSites));
+ preg_match('@^https?://([^/]+)@i', $url, $matches);
+ $hostname = $matches[1];
+
+ // add self host to the white list
+ $self_host = self::getSelfHost();
+ $trustedSites[] = $self_host;
+
+ // throw exception due to redirection to untrusted site
+ if (!in_array($hostname, $trustedSites)) {
+ throw new \SimpleSAML_Error_Exception('URL not allowed: '.$url);
+ }
+ }
+ return $url;
+ }
+
+
 /**
 * Helper function to retrieve a file or URL with proxy support.
 *
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index 75ae16d409d549a7ca3bee937f69940a4a3bbf87..8b084f315893ad8d3310ec213c0ab2827c1eda28 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
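Review bot: The `preg_match()` result in `checkURLAllowed()` (lib/SimpleSAML/Utils/HTTP.php) is never checked, so unless `normalizeURL()` (not shown in this hunk) already rejects it, a URL without an `http://` or `https://` prefix leaves `$matches[1]` undefined and the loose `in_array()` compares a null hostname against the list. I would fail closed at that point with `if (!preg_match('@^https?://([^/]+)@i', $url, $matches)) { throw new \SimpleSAML_Error_Exception('Invalid URL: '.$url); }` and compare strictly with `in_array($hostname, $trustedSites, true)`. The captured `[^/]+` also keeps any userinfo and port, which fails closed but rejects an allowed host on a non-default port; that deserves a comment, or a switch to `parse_url($url, PHP_URL_HOST)` if the list is meant to hold bare hostnames. When neither `trusted.url.domains` nor `redirect.trustedsites` is configured the host check is skipped and any URL is returned, and the docblock should say so, since the redirect call sites updated in this commit pass request parameters straight into this function.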
@@ -123,7 +123,7 @@ class SimpleSAML_XHTML_IdPDisco {
 if(!array_key_exists('return', $_GET)) {
 throw new Exception('Missing parameter: return');
 } else {
- $this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']);
+ $this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']);
 }
 $this->isPassive = FALSE;
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 62fd9200aab6ca8f8900a7457cf85c3c57e7ce68..6e8fd9e7b427392384943816612ec8b2429b0ada 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -175,7 +175,7 @@ class sspmod_adfs_IdP_ADFS {
 // if a redirect is to occur based on wreply, we will redirect to url as
 // this implies an override to normal sp notification.
 if(isset($_GET['wreply']) && !empty($_GET['wreply'])) {
- $idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed($_GET['wreply']));
+ $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply']));
 assert(FALSE);
 }
diff --git a/modules/core/www/as_login.php b/modules/core/www/as_login.php
index c4c7b7e7cc4821897c819deb5406ce29616e0048..dc1a61b11ec5b17e42391a857f3dc59ee2b22a65 100644
--- a/modules/core/www/as_login.php
+++ b/modules/core/www/as_login.php
@@ -18,7 +18,7 @@ if (!is_string($_REQUEST['AuthId'])) {
 * Setting up the options for the requireAuth() call later..
 */
 $options = array(
- 'ReturnTo' => SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']),
+ 'ReturnTo' => \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']),
 );
 /*
diff --git a/modules/core/www/as_logout.php b/modules/core/www/as_logout.php
index 101c8ed87b2ac178e97295d642f8d25b0c72b2ee..aa9effe6df6db553e9060c01df49301925daf40f 100644
--- a/modules/core/www/as_logout.php
+++ b/modules/core/www/as_logout.php
@@ -15,4 +15,4 @@ if (!isset($_REQUEST['AuthId']) || !is_string($_REQUEST['AuthId'])) {
 }
 $as = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']);
-$as->logout(SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']));
+$as->logout(\SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']));
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php
index fe0901bfea72e28b8a98f75ec472f45c15f4fa1d..0e8dab557775d86350d97004939540589bf154b9 100644
--- a/modules/core/www/cleardiscochoices.php
+++ b/modules/core/www/cleardiscochoices.php
@@ -26,7 +26,7 @@ foreach($_COOKIE as $cookieName => $value) {
 /* Find where we should go now. */
 if(array_key_exists('ReturnTo', $_REQUEST)) {
- $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']);
+ $returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']);
 } else {
 /* Return to the front page if no other destination is given. This is the same as the base cookie path. */
 $returnTo = $cookiePath;
diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php
index cf4c96cbae2ba3529274316109a362eb47ccb283..fa77c9f95dd53b9a05e13a66f73fb2eb13abb17b 100644
--- a/modules/exampleauth/www/authpage.php
+++ b/modules/exampleauth/www/authpage.php
@@ -13,7 +13,7 @@ if (!isset($_REQUEST['ReturnTo'])) {
 die('Missing ReturnTo parameter.');
 }
-$returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']);
+$returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']);
 /*
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index 45b317dc3b932776898a605667fadc4c424ac0d4..bd8d41b939f5cb536f3da93918da94b08eff8137 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -30,7 +30,7 @@ if (preg_match('@^https?://@i', $target)) {
 $state = array(
 'saml:sp:isUnsolicited' => TRUE,
 'saml:sp:AuthId' => $sourceId,
- 'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($target),
+ 'saml:sp:RelayState' => \SimpleSAML\Utils\HTTP::checkURLAllowed($target),
 );
 } else {
 $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7ab671ed96184545dbf25fce12ea6480ede0807a..68751e374a0f90da2de24735e358e43c87465673 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -90,7 +90,7 @@ if (!empty($stateId)) {
 $state = array(
 'saml:sp:isUnsolicited' => TRUE,
 'saml:sp:AuthId' => $sourceId,
- 'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($response->getRelayState()),
+ 'saml:sp:RelayState' => \SimpleSAML\Utils\HTTP::checkURLAllowed($response->getRelayState()),
 );
 }
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 032027abf204daa7201cf0796b320aa31a66db62..1ecaf01c45c9ef46585a26a5782ac73581cf24ed 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -17,7 +17,7 @@ $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
 if (isset($_REQUEST['ReturnTo'])) {
- $idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed((string)$_REQUEST['ReturnTo']));
+ $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string)$_REQUEST['ReturnTo']));
 } else {
 try {
 sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
diff --git a/www/saml2/idp/initSLO.php b/www/saml2/idp/initSLO.php
index 87191b7772776197e317132bc239fb526da994f4..52c73b75101f42bae6efd60f1ab83a3ffe312c39 100644
--- a/www/saml2/idp/initSLO.php
+++ b/www/saml2/idp/initSLO.php
@@ -11,5 +11,5 @@ if (!isset($_GET['RelayState'])) {
 throw new SimpleSAML_Error_Error('NORELAYSTATE');
 }
-$idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed((string)$_GET['RelayState']));
+$idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string)$_GET['RelayState']));
 assert('FALSE');
\ No newline at end of file