From 2823c27a7d84fe2ba776980b0b211e5433dab409 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 22 Apr 2015 14:31:16 +0200
Subject: [PATCH] Move SimpleSAML_Utilities:: checkURLAllowed() to SimpleSAML\Utils\HTTP:: checkURLAllowed() and deprecate the former.
---
 lib/SimpleSAML/Auth/Default.php | 8 ++---
 lib/SimpleSAML/Utilities.php | 39 ++-------------------
 lib/SimpleSAML/Utils/HTTP.php | 48 ++++++++++++++++++++++++++
 lib/SimpleSAML/XHTML/IdPDisco.php | 2 +-
 modules/adfs/lib/IdP/ADFS.php | 2 +-
 modules/core/www/as_login.php | 2 +-
 modules/core/www/as_logout.php | 2 +-
 modules/core/www/cleardiscochoices.php | 2 +-
 modules/exampleauth/www/authpage.php | 2 +-
 modules/saml/www/sp/saml1-acs.php | 2 +-
 modules/saml/www/sp/saml2-acs.php | 2 +-
 www/saml2/idp/SingleLogoutService.php | 2 +-
 www/saml2/idp/initSLO.php | 2 +-
 13 files changed, 64 insertions(+), 51 deletions(-)
diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 281b83f92..eaa00a28a 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -21,11 +21,11 @@ class SimpleSAML_Auth_Default {
  * @param string|array $return The URL or function we should direct the
  * user to after authentication. If using a URL obtained from user input,
  * please make sure to check it by calling
- * SimpleSAML_Utilities::checkURLAllowed().
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed().
  * @param string|NULL $errorURL The URL we should direct the user to after
  * failed authentication. Can be NULL, in which case a standard error page
  * will be shown. If using a URL obtained from user input, please make sure
- * to check it by calling SimpleSAML_Utilities::checkURLAllowed().
+ * to check it by calling \SimpleSAML\Utils\HTTP::checkURLAllowed().
  * @param array $params Extra information about the login. Different
  * authentication requestors may provide different information. Optional,
  * will default to an empty array.
@@ -146,7 +146,7 @@ class SimpleSAML_Auth_Default {
  * @param string $returnURL The URL we should redirect the user to after
  * logging out. No checking is performed on the URL, so make sure to verify
  * it on beforehand if the URL is obtained from user input. Refer to
- * SimpleSAML_Utilities::checkURLAllowed() for more information.
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information.
  * @param string $authority The authentication source we are logging
  * out from.
  */
@@ -181,7 +181,7 @@ class SimpleSAML_Auth_Default {
  * @param string $returnURL The URL we should redirect the user to after
  * logging out. No checking is performed on the URL, so make sure to verify
  * it on beforehand if the URL is obtained from user input. Refer to
- * SimpleSAML_Utilities::checkURLAllowed() for more information.
+ * \SimpleSAML\Utils\HTTP::checkURLAllowed() for more information.
  * @param string|NULL $authority The authentication source we are logging
  * out from.
  * @return void This function never returns.
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 586f4cda5..0c9c4f9fd 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -102,45 +102,10 @@ class SimpleSAML_Utilities { /** - * Check if a URL is valid and is in our list of allowed URLs. - * - * @param string $url The URL to check. - * @param array $trustedSites An optional white list of domains. If none specified, the 'trusted.url.domains' - * configuration directive will be used. - * @return string The normalized URL itself if it is allowed. An empty string if the $url parameter is empty as - * defined by the empty() function. - * @throws SimpleSAML_Error_Exception if the URL is malformed or is not allowed by configuration. + * @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Utils\HTTP::checkURLAllowed() instead. */ public static function checkURLAllowed($url, array $trustedSites = NULL) { - if (empty($url)) { - return ''; - } - $url = self::normalizeURL($url); - - // get the white list of domains - if ($trustedSites === NULL) { - $trustedSites = SimpleSAML_Configuration::getInstance()->getArray('trusted.url.domains', NULL); - if ($trustedSites === NULL) { - $trustedSites = SimpleSAML_Configuration::getInstance()->getArray('redirect.trustedsites', NULL); - } - } - - // validates the URL's host is among those allowed - if ($trustedSites !== NULL) { - assert(is_array($trustedSites)); - preg_match('@^https?://([^/]+)@i', $url, $matches); - $hostname = $matches[1]; - - // add self host to the white list - $self_host = self::getSelfHost(); - $trustedSites[] = $self_host; - - /* Throw exception due to redirection to untrusted site */ - if (!in_array($hostname, $trustedSites)) { - throw new SimpleSAML_Error_Exception('URL not allowed: '.$url); - } - } - return $url; + return \SimpleSAML\Utils\HTTP::checkURLAllowed($url, $trustedSites); } diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php index 81e2d451a..beef3fd16 100644 --- a/lib/SimpleSAML/Utils/HTTP.php +++ b/lib/SimpleSAML/Utils/HTTP.php 
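Review bot: The replacement docblock on the deprecated SimpleSAML_Utilities::checkURLAllowed() keeps only the `@deprecated` tag, so the wrapper no longer documents that it throws, even though it now forwards to a method whose contract is to throw on a malformed or untrusted URL. Existing callers of the old entry point that read only its docblock lose that fact, so I would keep a `@throws SimpleSAML_Error_Exception if the URL is malformed or is not allowed by configuration.` line next to the `@deprecated` tag, and a `@see \SimpleSAML\Utils\HTTP::checkURLAllowed()` pointing at the full contract.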
@@ -258,6 +258,54 @@ class HTTP } + /** + * Check if a URL is valid and is in our list of allowed URLs. + * + * @param string $url The URL to check. + * @param array $trustedSites An optional white list of domains. If none specified, the 'trusted.url.domains' + * configuration directive will be used. + * + * @return string The normalized URL itself if it is allowed. An empty string if the $url parameter is empty as + * defined by the empty() function. + * @throws \SimpleSAML_Error_Exception if the URL is malformed or is not allowed by configuration. + * + * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no> + */ + public static function checkURLAllowed($url, array $trustedSites = null) + { + if (empty($url)) { + return ''; + } + $url = self::normalizeURL($url); + + // get the white list of domains + if ($trustedSites === null) { + $trustedSites = \SimpleSAML_Configuration::getInstance()->getArray('trusted.url.domains', null); + // TODO: remove this before 2.0 + if ($trustedSites === null) { + $trustedSites = \SimpleSAML_Configuration::getInstance()->getArray('redirect.trustedsites', null); + } + } + + // validates the URL's host is among those allowed + if ($trustedSites !== null) { + assert(is_array($trustedSites)); + preg_match('@^https?://([^/]+)@i', $url, $matches); + $hostname = $matches[1]; + + // add self host to the white list + $self_host = self::getSelfHost(); + $trustedSites[] = $self_host; + + // throw exception due to redirection to untrusted site + if (!in_array($hostname, $trustedSites)) { + throw new \SimpleSAML_Error_Exception('URL not allowed: '.$url); + } + } + return $url; + } + + /** * Helper function to retrieve a file or URL with proxy support. * diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php index 75ae16d40..8b084f315 100644 --- a/lib/SimpleSAML/XHTML/IdPDisco.php +++ b/lib/SimpleSAML/XHTML/IdPDisco.php 
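Review bot: The host check in the new checkURLAllowed() uses a loose `in_array($hostname, $trustedSites)`, so a non-string entry in `trusted.url.domains` (for instance a boolean `true`) would match any hostname under PHP's loose comparison, and `$matches[1]` is read without checking that `preg_match` matched, so a normalized URL that does not fit the pattern yields an undefined offset and a null hostname flowing into that same loose comparison. Both sit inside the `if ($trustedSites !== null)` branch of the added method. I would guard the match and make the membership test strict: `if (!preg_match('@^https?://([^/]+)@i', $url, $matches)) { throw new \SimpleSAML_Error_Exception('URL not allowed: '.$url); }` and `if (!in_array($hostname, $trustedSites, true)) {`. Note also that the capture group takes the whole authority, so a port or userinfo in the URL makes the comparison fail closed rather than open; `parse_url($url, PHP_URL_HOST)` would yield the bare host if that is the intended semantics. Whether normalizeURL() lowercases the host is outside the hunk, so the case-sensitivity of the comparison cannot be judged here.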
@@ -123,7 +123,7 @@ class SimpleSAML_XHTML_IdPDisco { if(!array_key_exists('return', $_GET)) { throw new Exception('Missing parameter: return'); } else { - $this->returnURL = SimpleSAML_Utilities::checkURLAllowed($_GET['return']); + $this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']); } $this->isPassive = FALSE; diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php index 62fd9200a..6e8fd9e7b 100644 --- a/modules/adfs/lib/IdP/ADFS.php +++ b/modules/adfs/lib/IdP/ADFS.php @@ -175,7 +175,7 @@ class sspmod_adfs_IdP_ADFS { // if a redirect is to occur based on wreply, we will redirect to url as // this implies an override to normal sp notification. if(isset($_GET['wreply']) && !empty($_GET['wreply'])) { - $idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed($_GET['wreply'])); + $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply'])); assert(FALSE); } diff --git a/modules/core/www/as_login.php b/modules/core/www/as_login.php index c4c7b7e7c..dc1a61b11 100644 --- a/modules/core/www/as_login.php +++ b/modules/core/www/as_login.php @@ -18,7 +18,7 @@ if (!is_string($_REQUEST['AuthId'])) { * Setting up the options for the requireAuth() call later.. */ $options = array( - 'ReturnTo' => SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']), + 'ReturnTo' => \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']), ); /* diff --git a/modules/core/www/as_logout.php b/modules/core/www/as_logout.php index 101c8ed87..aa9effe6d 100644 --- a/modules/core/www/as_logout.php +++ b/modules/core/www/as_logout.php @@ -15,4 +15,4 @@ if (!isset($_REQUEST['AuthId']) || !is_string($_REQUEST['AuthId'])) { } $as = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']); -$as->logout(SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo'])); +$as->logout(\SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo'])); 
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php index fe0901bfe..0e8dab557 100644 --- a/modules/core/www/cleardiscochoices.php +++ b/modules/core/www/cleardiscochoices.php @@ -26,7 +26,7 @@ foreach($_COOKIE as $cookieName => $value) { /* Find where we should go now. */ if(array_key_exists('ReturnTo', $_REQUEST)) { - $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']); + $returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']); } else { /* Return to the front page if no other destination is given. This is the same as the base cookie path. */ $returnTo = $cookiePath; diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php index cf4c96cba..fa77c9f95 100644 --- a/modules/exampleauth/www/authpage.php +++ b/modules/exampleauth/www/authpage.php @@ -13,7 +13,7 @@ if (!isset($_REQUEST['ReturnTo'])) { die('Missing ReturnTo parameter.'); } -$returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']); +$returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']); /* diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php index 45b317dc3..bd8d41b93 100644 --- a/modules/saml/www/sp/saml1-acs.php +++ b/modules/saml/www/sp/saml1-acs.php @@ -30,7 +30,7 @@ if (preg_match('@^https?://@i', $target)) { $state = array( 'saml:sp:isUnsolicited' => TRUE, 'saml:sp:AuthId' => $sourceId, - 'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($target), + 'saml:sp:RelayState' => \SimpleSAML\Utils\HTTP::checkURLAllowed($target), ); } else { $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso'); diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php index 7ab671ed9..68751e374 100644 --- a/modules/saml/www/sp/saml2-acs.php +++ b/modules/saml/www/sp/saml2-acs.php 
@@ -90,7 +90,7 @@ if (!empty($stateId)) { $state = array( 'saml:sp:isUnsolicited' => TRUE, 'saml:sp:AuthId' => $sourceId, - 'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($response->getRelayState()), + 'saml:sp:RelayState' => \SimpleSAML\Utils\HTTP::checkURLAllowed($response->getRelayState()), ); } diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index 032027abf..1ecaf01c4 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php @@ -17,7 +17,7 @@ $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId); if (isset($_REQUEST['ReturnTo'])) { - $idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed((string)$_REQUEST['ReturnTo'])); + $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string)$_REQUEST['ReturnTo'])); } else { try { sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp); diff --git a/www/saml2/idp/initSLO.php b/www/saml2/idp/initSLO.php index 87191b777..52c73b751 100644 --- a/www/saml2/idp/initSLO.php +++ b/www/saml2/idp/initSLO.php @@ -11,5 +11,5 @@ if (!isset($_GET['RelayState'])) { throw new SimpleSAML_Error_Error('NORELAYSTATE'); } -$idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed((string)$_GET['RelayState'])); +$idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string)$_GET['RelayState'])); assert('FALSE'); \ No newline at end of file -- GitLab