Commit 3796a81e authored by Hans Zandbelt's avatar Hans Zandbelt

more empty attribute value checks and html-escaping of values

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1709 44740490-163a-0410-bde0-09ae8108e29a
parent 0f9d215d
...@@ -43,20 +43,24 @@ function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) { ...@@ -43,20 +43,24 @@ function ADFS_GenerateResponse($issuer, $target, $nameid, $attributes) {
</saml:Conditions> </saml:Conditions>
<saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '"> <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="' . $issueInstant . '">
<saml:Subject> <saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameid . '</saml:NameIdentifier> <saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier>
</saml:Subject> </saml:Subject>
</saml:AuthenticationStatement> </saml:AuthenticationStatement>
<saml:AttributeStatement> <saml:AttributeStatement>
<saml:Subject> <saml:Subject>
<saml:NameIdentifier Format="' . $nameidFormat . '">' . $nameid . '</saml:NameIdentifier> <saml:NameIdentifier Format="' . $nameidFormat . '">' . htmlspecialchars($nameid) . '</saml:NameIdentifier>
</saml:Subject>'; </saml:Subject>';
foreach ($attributes as $name => $values) { foreach ($attributes as $name => $values) {
if ((!is_array($values)) || (count($values) == 0)) continue; if ((!is_array($values)) || (count($values) == 0)) continue;
$result .= '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . $name .'">'; $hasValue = FALSE;
$r = '<saml:Attribute AttributeNamespace="http://schemas.xmlsoap.org/claims" AttributeName="' . htmlspecialchars($name) .'">';
foreach ($values as $value) { foreach ($values as $value) {
$result .= '<saml:AttributeValue>' . $value . '</saml:AttributeValue>'; if (isset($value) or ($value !== '')) continue;
$r .= '<saml:AttributeValue>' . htmlspecialchars($value) . '</saml:AttributeValue>';
$hasValue = TRUE;
} }
$result .= '</saml:Attribute>'; $r .= '</saml:Attribute>';
if ($hasValue) $result .= $r;
} }
$result .= ' $result .= '
</saml:AttributeStatement> </saml:AttributeStatement>
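Review bot: The skip condition added on the inner value loop, `if (isset($value) or ($value !== '')) continue;`, is inverted: `isset($value)` is true for every non-null value, and a null value still satisfies `$value !== ''`, so every value is skipped, `$hasValue` never becomes TRUE and no `<saml:Attribute>` element is ever appended to `$result`. The intended empty-value check is `if (!isset($value) || $value === '') continue;`. On the same lines that now wrap `$nameid` in `htmlspecialchars()`, `$nameidFormat` and `$issueInstant` are still interpolated raw; if either can be caller-supplied rather than a fixed constant, it needs the same escaping (where they come from is not visible in this hunk). `htmlspecialchars()` is an HTML escaper being applied to XML; with its default flags it escapes `&`, `<`, `>` and `"`, which covers these double-quoted attributes and text nodes, but passing `ENT_QUOTES` would make the intent explicit. ADFS_GenerateResponse begins before this hunk and its body continues past the hunk's last line.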