From 37217465b1489e75dc82787eceaf604f72068f4c Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Sat, 22 Feb 2020 16:53:02 +0100
Subject: [PATCH] Fix incorrect use of saml2 API

---
 docs/simplesamlphp-changelog.md |  6 ++++++
 lib/SimpleSAML/Session.php      | 11 ++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index d44838b81..601547d00 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -6,6 +6,12 @@ SimpleSAMLphp changelog
 This document lists the changes between versions of SimpleSAMLphp.
 See the upgrade notes for specific information about upgrading.
 
+## Version 1.18.9
+
+Released 2021-12-03
+
+  * Fix incorrect use of the saml2 API (#1543)
+
 ## Version 1.18.8
 
 Released 2020-09-02
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 8b54ae5f2..d480c3fb7 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -235,7 +235,7 @@ class Session implements \Serializable, Utils\ClearableState
                 foreach ($values as $idx => $value) {
                     // this should be originally a DOMNodeList
                     /* @var \SAML2\XML\saml\AttributeValue $value */
-                    $this->authData[$authority]['Attributes'][$attribute][$idx] = $value->element->childNodes;
+                    $this->authData[$authority]['Attributes'][$attribute][$idx] = $value->getElement()->childNodes;
                 }
             }
         }
@@ -256,6 +256,7 @@ class Session implements \Serializable, Utils\ClearableState
 
         // check if we have stored a session stored with the session handler
         try {
+            /** @var \SimpleSAML\Session|null $session  Help Scrutinizer with the correct type */
             $session = self::getSession();
         } catch (\Exception $e) {
             /*
@@ -318,8 +319,8 @@ class Session implements \Serializable, Utils\ClearableState
      *
      * @param string|null $sessionId The session we should get, or null to get the current session.
      *
-     * @return Session|null The session that is stored in the session handler, or null if the session wasn't
-     * found.
+     * @return \SimpleSAML\Session|null The session that is stored in the session handler,
+     *   or null if the session wasn't found.
      */
     public static function getSession($sessionId = null)
     {
@@ -390,8 +391,8 @@ class Session implements \Serializable, Utils\ClearableState
      *
      * Warning: never set self::$instance yourself, call this method instead.
      *
-     * @param Session $session The session to load.
-     * @return Session The session we just loaded, just for convenience.
+     * @param \SimpleSAML\Session $session The session to load.
+     * @return \SimpleSAML\Session The session we just loaded, just for convenience.
      */
     private static function load(Session $session)
     {
-- 
GitLab