From 3a8f952a1d1d3c0d71a365e3c481be18b9f558e8 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 22 Apr 2015 16:16:15 +0200
Subject: [PATCH] Move SimpleSAML_Utilities:: redirectUntrustedURL() to SimpleSAML\Utils\HTTP:: redirectUntrustedURL() and deprecate the former.
---
 lib/SimpleSAML/Auth/Default.php | 2 +-
 lib/SimpleSAML/Auth/State.php | 4 ++--
 lib/SimpleSAML/Utilities.php | 17 ++---------------
 lib/SimpleSAML/Utils/HTTP.php | 32 ++++++++++++++++++++++++++++++++
 modules/core/www/login-admin.php | 2 +-
 modules/oauth/www/authorize.php | 2 +-
 6 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index eaa00a28a..049855432 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -265,7 +265,7 @@ class SimpleSAML_Auth_Default {
 $session = SimpleSAML_Session::getSessionFromRequest();
 $session->doLogin($authId, self::extractPersistentAuthState($state));
- SimpleSAML_Utilities::redirectUntrustedURL($redirectTo);
+ \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
 }
 }
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index aed6b822f..3c6665cc0 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -225,7 +225,7 @@ class SimpleSAML_Auth_State {
 throw new SimpleSAML_Error_NoState();
 }
- SimpleSAML_Utilities::redirectUntrustedURL($sid['url']);
+ \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
 }
 $state = unserialize($state);
@@ -249,7 +249,7 @@ class SimpleSAML_Auth_State {
 throw new Exception($msg);
 }
- SimpleSAML_Utilities::redirectUntrustedURL($sid['url']);
+ \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
 }
 return $state;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 0c9c4f9fd..d8370acdc 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -293,23 +293,10 @@ class SimpleSAML_Utilities {
 }
 /**
- * This function redirects to the specified URL after performing the appropriate security checks on it.
- * Particularly, it will make sure that the provided URL is allowed by the 'redirect.trustedsites' directive in the
- * configuration.
- *
- * If the aforementioned option is not set or the URL does correspond to a trusted site, it performs a redirection
- * to it. If the site is not trusted, an exception will be thrown.
- *
- * See the redirectTrustedURL function for more details.
- *
- * @return void This function never returns.
+ * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::redirectUntrustedURL() instead.
 */
 public static function redirectUntrustedURL($url, $parameters = array()) {
- assert('is_string($url)');
- assert('is_array($parameters)');
-
- $url = self::checkURLAllowed($url);
- self::_doRedirect($url, $parameters);
+ return \SimpleSAML\Utils\HTTP::redirectUntrustedURL($url, $parameters);
 }
 /**
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 0a26f301b..4a3637d43 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
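Review bot: The deprecated wrapper SimpleSAML_Utilities::redirectUntrustedURL() uses `return` on a call that both the removed docblock and the new one in HTTP.php describe as never returning; a plain call, `\SimpleSAML\Utils\HTTP::redirectUntrustedURL($url, $parameters);`, states that more accurately. The docblock is also reduced to the `@deprecated` tag alone, so a reader of this file no longer sees that the method checks the URL against 'redirect.trustedsites'. A one-line summary above the tag, such as `Redirect to $url after checking it against 'redirect.trustedsites'.`, would keep that visible until the method is removed. The enclosing class starts and ends outside the hunk.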
@@ -763,6 +763,38 @@ class HTTP
 }
+ /**
+ * This function redirects to the specified URL after performing the appropriate security checks on it.
+ * Particularly, it will make sure that the provided URL is allowed by the 'redirect.trustedsites' directive in the
+ * configuration.
+ *
+ * If the aforementioned option is not set or the URL does correspond to a trusted site, it performs a redirection
+ * to it. If the site is not trusted, an exception will be thrown.
+ *
+ * @param string $url The URL we should redirect to. This URL may include query parameters. If this URL is a
+ * relative URL (starting with '/'), then it will be turned into an absolute URL by prefixing it with the absolute
+ * URL to the root of the website.
+ * @param string[] $parameters An array with extra query string parameters which should be appended to the URL. The
+ * name of the parameter is the array index. The value of the parameter is the value stored in the index. Both the
+ * name and the value will be urlencoded. If the value is NULL, then the parameter will be encoded as just the
+ * name, without a value.
+ *
+ * @return void This function never returns.
+ * @throws \SimpleSAML_Error_Exception If $url is not a string or $parameters is not an array.
+ *
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function redirectUntrustedURL($url, $parameters = array())
+ {
+ if (!is_string($url) || !is_array($parameters)) {
+ throw new \SimpleSAML_Error_Exception('Invalid input parameters.');
+ }
+
+ $url = self::checkURLAllowed($url);
+ self::redirect($url, $parameters);
+ }
+
+
+ /**
 * Resolve a (possibly) relative path from the given base path.
 *
diff --git a/modules/core/www/login-admin.php b/modules/core/www/login-admin.php
index 9376d71f0..22bc7854a 100644
--- a/modules/core/www/login-admin.php
+++ b/modules/core/www/login-admin.php
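Review bot: The docblock of the new redirectUntrustedURL() says the redirect is also performed when 'redirect.trustedsites' is not set, so on such a deployment the method places no restriction on the target. The callers changed in this patch pass request values straight in: login-admin.php with `$_REQUEST['ReturnTo']` and authorize.php with `$_REQUEST['oauth_callback']`. That default deserves its own sentence in the docblock, for example `Note: with 'redirect.trustedsites' unset, no host restriction is applied and any URL is accepted.` The `@throws` tag covers only the type check, while the description says an exception is thrown for an untrusted site. A second `@throws` line for that case would complete the contract, with the exception class taken from checkURLAllowed(), which is defined outside this hunk together with redirect().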
@@ -9,5 +9,5 @@ if (!array_key_exists('ReturnTo', $_REQUEST)) {
 SimpleSAML\Utils\Auth::requireAdmin();
-SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['ReturnTo']);
+\SimpleSAML\Utils\HTTP::redirectUntrustedURL($_REQUEST['ReturnTo']);
diff --git a/modules/oauth/www/authorize.php b/modules/oauth/www/authorize.php
index d3ef8fabd..0816dec15 100644
--- a/modules/oauth/www/authorize.php
+++ b/modules/oauth/www/authorize.php
@@ -60,7 +60,7 @@ try {
 } else if (isset($_REQUEST['oauth_callback'])) {
 // If callback was provided in the request (oauth1.0)
- SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['oauth_callback']);
+ \SimpleSAML\Utils\HTTP::redirectUntrustedURL($_REQUEST['oauth_callback']);
 } else {
 // No callback provided, display standard template
-- GitLab