From 4c18f4505584a284ab76c1b2c4422b572673f1d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Wed, 25 Oct 2017 10:26:29 +0200
Subject: [PATCH] Make sure calls to in_array() use strict comparisons.
---
bin/pwgen.php | 2 +-
lib/SimpleSAML/Auth/TimeLimitedToken.php | 2 +-
lib/SimpleSAML/Locale/Language.php | 2 +-
lib/SimpleSAML/Logger.php | 2 +-
.../Metadata/MetaDataStorageHandlerPdo.php | 4 +-
lib/SimpleSAML/Metadata/SAMLBuilder.php | 2 +-
lib/SimpleSAML/Metadata/Signer.php | 2 +-
lib/SimpleSAML/Module.php | 2 +-
lib/SimpleSAML/Utils/Config/Metadata.php | 2 +-
lib/SimpleSAML/Utils/Crypto.php | 8 ++--
lib/SimpleSAML/Utils/HTTP.php | 2 +-
lib/SimpleSAML/Utils/XML.php | 2 +-
lib/SimpleSAML/XML/Validator.php | 2 +-
modules/casserver/www/login.php | 2 +-
modules/consent/lib/Auth/Process/Consent.php | 2 +-
modules/consent/www/getconsent.php | 2 +-
modules/core/hooks/hook_sanitycheck.php | 2 +-
.../core/lib/Storage/SQLPermanentStorage.php | 2 +-
modules/core/www/show_metadata.php | 3 +-
modules/cron/lib/Cron.php | 2 +-
modules/discopower/lib/PowerIdPDisco.php | 10 ++---
.../lib/Auth/Process/AttributeAddFromLDAP.php | 41 +++++++++++--------
.../Auth/Process/AttributeAddUsersGroups.php | 2 +-
.../templates/memcachestat.tpl.php | 2 +-
modules/metarefresh/hooks/hook_cron.php | 2 +-
modules/metarefresh/lib/MetaLoader.php | 6 +--
.../multiauth/lib/Auth/Source/MultiAuth.php | 2 +-
modules/portal/lib/Portal.php | 4 +-
.../Process/ExpectedAuthnContextClassRef.php | 2 +-
.../lib/Auth/Process/SQLPersistentNameID.php | 4 +-
modules/saml/lib/Auth/Source/SP.php | 6 +--
modules/saml/lib/Message.php | 2 +-
modules/saml/www/sp/saml2-acs.php | 2 +-
modules/statistics/lib/AccessCheck.php | 2 +-
modules/statistics/lib/LogCleaner.php | 2 +-
modules/statistics/lib/Ruleset.php | 2 +-
.../lib/Statistics/Rulesets/BaseRule.php | 4 +-
modules/statistics/www/statmeta.php | 6 +--
38 files changed, 79 insertions(+), 71 deletions(-)
diff --git a/bin/pwgen.php b/bin/pwgen.php
index e91486d35..97d82d1e2 100755
--- a/bin/pwgen.php
+++ b/bin/pwgen.php
@@ -36,7 +36,7 @@ if (empty($algo)) {
$algo = 'sha256';
}
-if (!in_array(strtolower($algo), hash_algos())) {
+if (!in_array(strtolower($algo), hash_algos(), true)) {
echo "Hashing algorithm '$algo' is not supported\n";
exit(1);
}
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index ad0349ab5..0fd02dd4f 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -47,7 +47,7 @@ class TimeLimitedToken
$secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
}
- if (!in_array($algo, hash_algos())) {
+ if (!in_array($algo, hash_algos(), true)) {
throw new \InvalidArgumentException('Invalid hash algorithm "'.$algo.'"');
}
diff --git a/lib/SimpleSAML/Locale/Language.php b/lib/SimpleSAML/Locale/Language.php
index 5972a74bc..edb7267c3 100644
--- a/lib/SimpleSAML/Locale/Language.php
+++ b/lib/SimpleSAML/Locale/Language.php
@@ -365,7 +365,7 @@ class Language
*/
public function isLanguageRTL()
{
- return in_array($this->getLanguage(), $this->rtlLanguages);
+ return in_array($this->getLanguage(), $this->rtlLanguages, true);
}
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index 969f59435..62180ac88 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -374,7 +374,7 @@ class Logger
}
if (class_exists($handler)) {
- if (!in_array('SimpleSAML\Logger\LoggingHandlerInterface', class_implements($handler))) {
+ if (!in_array('SimpleSAML\Logger\LoggingHandlerInterface', class_implements($handler), true)) {
throw new \Exception("The logging handler '$handler' is invalid.");
}
} else {
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
index 09c38b3a5..0e349b795 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
@@ -84,7 +84,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerPdo extends SimpleSAML_Metadata_
$tableName = $this->getTableName($set);
- if (!in_array($set, $this->supportedSets)) {
+ if (!in_array($set, $this->supportedSets, true)) {
return null;
}
@@ -183,7 +183,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerPdo extends SimpleSAML_Metadata_
assert('is_string($set)');
assert('is_array($entityData)');
- if (!in_array($set, $this->supportedSets)) {
+ if (!in_array($set, $this->supportedSets, true)) {
return false;
}
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index ba94200a9..2f92f0fb2 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -418,7 +418,7 @@ class SimpleSAML_Metadata_SAMLBuilder
if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
$t->NameFormat = $nameFormat;
}
- if (in_array($attribute, $attributesrequired)) {
+ if (in_array($attribute, $attributesrequired, true)) {
$t->isRequired = true;
}
$attributeconsumer->RequestedAttribute[] = $t;
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 47828f494..3d3f2eaf9 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -181,7 +181,7 @@ class SimpleSAML_Metadata_Signer
XMLSecurityKey::RSA_SHA512,
);
- if (!in_array($alg, $supported_algs)) {
+ if (!in_array($alg, $supported_algs, true)) {
throw new \SimpleSAML\Error\CriticalConfigurationError("Unknown signature algorithm '$alg'");
}
diff --git a/lib/SimpleSAML/Module.php b/lib/SimpleSAML/Module.php
index a40ef48a7..b906b5882 100644
--- a/lib/SimpleSAML/Module.php
+++ b/lib/SimpleSAML/Module.php
@@ -152,7 +152,7 @@ class Module
return self::$module_info[$module]['enabled'];
}
- if (!empty(self::$modules) && !in_array($module, self::$modules)) {
+ if (!empty(self::$modules) && !in_array($module, self::$modules, true)) {
return false;
}
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 8f74161aa..caf7b4a87 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -275,7 +275,7 @@ class Metadata
public static function isHiddenFromDiscovery(array $metadata)
{
\SimpleSAML\Logger::maskErrors(E_ALL);
- $hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY]);
+ $hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY], true);
\SimpleSAML\Logger::popErrorMask();
return $hidden === true;
}
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 766998eb3..61c7b5269 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -369,7 +369,7 @@ class Crypto
}
// hash w/o salt
- if (in_array(strtolower($algorithm), hash_algos())) {
+ if (in_array(strtolower($algorithm), hash_algos(), true)) {
$alg_str = '{'.str_replace('SHA1', 'SHA', $algorithm).'}'; // LDAP compatibility
$hash = hash(strtolower($algorithm), $password, true);
return $alg_str.base64_encode($hash);
@@ -382,7 +382,7 @@ class Crypto
$salt = openssl_random_pseudo_bytes($bytes);
}
- if ($algorithm[0] == 'S' && in_array(substr(strtolower($algorithm), 1), hash_algos())) {
+ if ($algorithm[0] == 'S' && in_array(substr(strtolower($algorithm), 1), hash_algos(), true)) {
$alg = substr(strtolower($algorithm), 1); // 'sha256' etc
$alg_str = '{'.str_replace('SSHA1', 'SSHA', $algorithm).'}'; // LDAP compatibility
$hash = hash($alg, $password.$salt, true);
@@ -449,12 +449,12 @@ class Crypto
$alg = preg_replace('/^(S?SHA)$/', '${1}1', $matches[1]);
// hash w/o salt
- if (in_array(strtolower($alg), hash_algos())) {
+ if (in_array(strtolower($alg), hash_algos(), true)) {
return self::secureCompare($hash, self::pwHash($password, $alg));
}
// hash w/ salt
- if ($alg[0] === 'S' && in_array(substr(strtolower($alg), 1), hash_algos())) {
+ if ($alg[0] === 'S' && in_array(substr(strtolower($alg), 1), hash_algos(), true)) {
$php_alg = substr(strtolower($alg), 1);
// get hash length of this algorithm to learn how long the salt is
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 834901cb3..abeca2e28 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -367,7 +367,7 @@ class HTTP
} else {
// add self host to the white list
$trustedSites[] = $self_host;
- $trusted = in_array($hostname, $trustedSites);
+ $trusted = in_array($hostname, $trustedSites, true);
}
// throw exception due to redirection to untrusted site
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index 48628be40..3f540d96a 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -35,7 +35,7 @@ class XML
public static function checkSAMLMessage($message, $type)
{
$allowed_types = array('saml20', 'saml11', 'saml-meta');
- if (!(is_string($message) && in_array($type, $allowed_types))) {
+ if (!(is_string($message) && in_array($type, $allowed_types, true))) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php
index 3cb6df9cf..95e6f497b 100644
--- a/lib/SimpleSAML/XML/Validator.php
+++ b/lib/SimpleSAML/XML/Validator.php
@@ -277,7 +277,7 @@ class Validator
assert('$node instanceof \DOMNode');
while ($node !== null) {
- if (in_array($node, $this->validNodes)) {
+ if (in_array($node, $this->validNodes, true)) {
return true;
}
diff --git a/modules/casserver/www/login.php b/modules/casserver/www/login.php
index f7ab7de8b..fd55f05eb 100644
--- a/modules/casserver/www/login.php
+++ b/modules/casserver/www/login.php
@@ -25,7 +25,7 @@ if (!checkServiceURL($service, $legal_service_urls))
throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
$auth = $casconfig->getValue('auth', 'saml2');
-if (!in_array($auth, array('saml2', 'shib13')))
+if (!in_array($auth, array('saml2', 'shib13'), true))
throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
$as = new \SimpleSAML\Auth\Simple($auth);
diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index e45800e57..5c6d942a6 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -268,7 +268,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
// Remove attributes that do not require consent
foreach ($attributes as $attrkey => $attrval) {
- if (in_array($attrkey, $this->_noconsentattributes)) {
+ if (in_array($attrkey, $this->_noconsentattributes, true)) {
unset($attributes[$attrkey]);
}
}
diff --git a/modules/consent/www/getconsent.php b/modules/consent/www/getconsent.php
index 589aa99bc..34572b231 100644
--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -87,7 +87,7 @@ $noconsentattributes = $state['consent:noconsentattributes'];
// Remove attributes that do not require consent
foreach ($attributes AS $attrkey => $attrval) {
- if (in_array($attrkey, $noconsentattributes)) {
+ if (in_array($attrkey, $noconsentattributes, true)) {
unset($attributes[$attrkey]);
}
}
diff --git a/modules/core/hooks/hook_sanitycheck.php b/modules/core/hooks/hook_sanitycheck.php
index 512fc5688..0ba7de618 100644
--- a/modules/core/hooks/hook_sanitycheck.php
+++ b/modules/core/hooks/hook_sanitycheck.php
@@ -38,7 +38,7 @@ function core_hook_sanitycheck(&$hookinfo) {
foreach($info AS $mi => $i) {
if (isset($i['dependencies']) && is_array($i['dependencies'])) {
foreach ($i['dependencies'] AS $dep) {
- if (!in_array($dep, $availmodules)) {
+ if (!in_array($dep, $availmodules, true)) {
$hookinfo['errors'][] = '[core] Module dependency not met: ' . $mi . ' requires ' . $dep;
}
}
diff --git a/modules/core/lib/Storage/SQLPermanentStorage.php b/modules/core/lib/Storage/SQLPermanentStorage.php
index 89d81acab..54bb5642b 100644
--- a/modules/core/lib/Storage/SQLPermanentStorage.php
+++ b/modules/core/lib/Storage/SQLPermanentStorage.php
@@ -148,7 +148,7 @@ class sspmod_core_Storage_SQLPermanentStorage {
public function getKeys($type = NULL, $key1 = NULL, $key2 = NULL, $whichKey = 'type') {
- if (!in_array($whichKey, array('key1', 'key2', 'type')))
+ if (!in_array($whichKey, array('key1', 'key2', 'type'), true))
throw new Exception('Invalid key type');
$condition = self::getCondition($type, $key1, $key2);
diff --git a/modules/core/www/show_metadata.php b/modules/core/www/show_metadata.php
index 5a807a524..fd03d9f56 100644
--- a/modules/core/www/show_metadata.php
+++ b/modules/core/www/show_metadata.php
@@ -14,7 +14,8 @@ if (!array_key_exists('set', $_REQUEST)) {
}
if (!in_array(
$_REQUEST['set'],
- array('saml20-idp-remote', 'saml20-sp-remote', 'shib13-idp-remote', 'shib13-sp-remote')
+ array('saml20-idp-remote', 'saml20-sp-remote', 'shib13-idp-remote', 'shib13-sp-remote'),
+ true
)) {
throw new Exception('Invalid set');
}
diff --git a/modules/cron/lib/Cron.php b/modules/cron/lib/Cron.php
index b2532e75f..bba782afa 100644
--- a/modules/cron/lib/Cron.php
+++ b/modules/cron/lib/Cron.php
@@ -56,7 +56,7 @@ class Cron
public function isValidTag($tag)
{
if (!is_null($this->cronconfig->getValue('allowed_tags'))) {
- return in_array($tag, $this->cronconfig->getArray('allowed_tags'));
+ return in_array($tag, $this->cronconfig->getArray('allowed_tags'), true);
}
return true;
}
diff --git a/modules/discopower/lib/PowerIdPDisco.php b/modules/discopower/lib/PowerIdPDisco.php
index 8f58b504f..a20da4dfd 100644
--- a/modules/discopower/lib/PowerIdPDisco.php
+++ b/modules/discopower/lib/PowerIdPDisco.php
@@ -127,7 +127,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco
$tags = $val['tags'];
}
foreach ($tags as $tag) {
- if (!empty($enableTabs) && !in_array($tag, $enableTabs)) {
+ if (!empty($enableTabs) && !in_array($tag, $enableTabs, true)) {
continue;
}
$slist[$tag][$key] = $val;
@@ -153,21 +153,21 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco
*/
private function processFilter($filter, $entry, $default = true)
{
- if (in_array($entry['entityid'], $filter['entities.include'])) {
+ if (in_array($entry['entityid'], $filter['entities.include'], true)) {
return true;
}
- if (in_array($entry['entityid'], $filter['entities.exclude'])) {
+ if (in_array($entry['entityid'], $filter['entities.exclude'], true)) {
return false;
}
if (array_key_exists('tags', $entry)) {
foreach ($filter['tags.include'] as $fe) {
- if (in_array($fe, $entry['tags'])) {
+ if (in_array($fe, $entry['tags'], true)) {
return true;
}
}
foreach ($filter['tags.exclude'] as $fe) {
- if (in_array($fe, $entry['tags'])) {
+ if (in_array($fe, $entry['tags'], true)) {
return false;
}
}
diff --git a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
index f124ecc8b..79543f30f 100644
--- a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
+++ b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
@@ -103,15 +103,15 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
* @TODO Remove after 2.0
*/
unset(
- $config['ldap_host'],
- $config['ldap_port'],
- $config['ldap_bind_user'],
- $config['ldap_bind_pwd'],
- $config['userid_attribute'],
- $config['ldap_search_base_dn'],
- $config['ldap_search_filter'],
- $config['ldap_search_attribute'],
- $config['new_attribute_name']
+ $config['ldap_host'],
+ $config['ldap_port'],
+ $config['ldap_bind_user'],
+ $config['ldap_bind_pwd'],
+ $config['userid_attribute'],
+ $config['ldap_search_base_dn'],
+ $config['ldap_search_filter'],
+ $config['ldap_search_attribute'],
+ $config['new_attribute_name']
);
// Now that we checked for BC, run the parent constructor
@@ -164,7 +164,7 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
return;
}
- if (!in_array($this->attr_policy, array('merge', 'replace', 'add'))) {
+ if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), true)) {
SimpleSAML\Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
"'replace' or 'add'.");
return;
@@ -172,16 +172,21 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
// getLdap
try {
- $ldap = $this->getLdap();
+ $ldap = $this->getLdap();
} catch (Exception $e) {
- // Added this warning in case $this->getLdap() fails
- SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);
- return;
+ // Added this warning in case $this->getLdap() fails
+ SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);
+ return;
}
// search for matching entries
try {
- $entries = $ldap->searchformultiple($this->base_dn, $filter,
- array_values($this->search_attributes), true, false);
+ $entries = $ldap->searchformultiple(
+ $this->base_dn,
+ $filter,
+ array_values($this->search_attributes),
+ true,
+ false
+ );
} catch (Exception $e) {
return; // silent fail, error is still logged by LDAP search
}
@@ -200,9 +205,9 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
if (isset($entry[$name])) {
unset($entry[$name]['count']);
if (isset($attributes[$target])) {
- foreach(array_values($entry[$name]) as $value) {
+ foreach (array_values($entry[$name]) as $value) {
if ($this->attr_policy === 'merge') {
- if (!in_array($value, $attributes[$target])) {
+ if (!in_array($value, $attributes[$target], true)) {
$attributes[$target][] = $value;
}
} else {
diff --git a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
index ada49327a..0b5665bb9 100644
--- a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
+++ b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php
@@ -222,7 +222,7 @@ class sspmod_ldap_Auth_Process_AttributeAddUsersGroups extends sspmod_ldap_Auth_
}
// Only look for groups
- if (!in_array($this->type_map['group'], $attributes[$map['type']])) {
+ if (!in_array($this->type_map['group'], $attributes[$map['type']], true)) {
continue;
}
diff --git a/modules/memcacheMonitor/templates/memcachestat.tpl.php b/modules/memcacheMonitor/templates/memcachestat.tpl.php
index 23e6b770c..9a9a3399d 100644
--- a/modules/memcacheMonitor/templates/memcachestat.tpl.php
+++ b/modules/memcacheMonitor/templates/memcachestat.tpl.php
@@ -33,7 +33,7 @@ $table = $this->data['table'];
$column_titles = array();
foreach($table as $row_title => $row_data) {
foreach($row_data as $ct => $foo) {
- if(!in_array($ct, $column_titles)) {
+ if(!in_array($ct, $column_titles, true)) {
$column_titles[] = $ct;
}
}
diff --git a/modules/metarefresh/hooks/hook_cron.php b/modules/metarefresh/hooks/hook_cron.php
index c695cbb21..72c88fc23 100644
--- a/modules/metarefresh/hooks/hook_cron.php
+++ b/modules/metarefresh/hooks/hook_cron.php
@@ -21,7 +21,7 @@ function metarefresh_hook_cron(&$croninfo) {
foreach ($sets AS $setkey => $set) {
// Only process sets where cron matches the current cron tag
$cronTags = $set->getArray('cron');
- if (!in_array($croninfo['tag'], $cronTags)) continue;
+ if (!in_array($croninfo['tag'], $cronTags, true)) continue;
SimpleSAML\Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index a5f0f0096..5a04fd590 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -127,14 +127,14 @@ class sspmod_metarefresh_MetaLoader {
foreach($entities as $entity) {
if(isset($source['blacklist'])) {
- if(!empty($source['blacklist']) && in_array($entity->getEntityID(), $source['blacklist'])) {
+ if(!empty($source['blacklist']) && in_array($entity->getEntityID(), $source['blacklist'], true)) {
SimpleSAML\Logger::info('Skipping "' . $entity->getEntityID() . '" - blacklisted.' . "\n");
continue;
}
}
if(isset($source['whitelist'])) {
- if(!empty($source['whitelist']) && !in_array($entity->getEntityID(), $source['whitelist'])) {
+ if(!empty($source['whitelist']) && !in_array($entity->getEntityID(), $source['whitelist'], true)) {
SimpleSAML\Logger::info('Skipping "' . $entity->getEntityID() . '" - not in the whitelist.' . "\n");
continue;
}
@@ -366,7 +366,7 @@ class sspmod_metarefresh_MetaLoader {
$md = array();
foreach($this->metadata as $category => $elements) {
- if (!in_array($category, $types)) continue;
+ if (!in_array($category, $types, true)) continue;
$md = array_merge($md, $elements);
}
diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php
index 07c148105..9cb75c0b8 100644
--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
+++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
@@ -149,7 +149,7 @@ class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
},
$state[self::SOURCESID]
);
- if ($as === NULL || !in_array($authId, $valid_sources)) {
+ if ($as === NULL || !in_array($authId, $valid_sources, true)) {
throw new Exception('Invalid authentication source: ' . $authId);
}
diff --git a/modules/portal/lib/Portal.php b/modules/portal/lib/Portal.php
index 6b9ce045a..45d5ca595 100644
--- a/modules/portal/lib/Portal.php
+++ b/modules/portal/lib/Portal.php
@@ -13,7 +13,7 @@ class sspmod_portal_Portal {
function getTabset($thispage) {
if (!isset($this->config)) return NULL;
foreach($this->config AS $set) {
- if (in_array($thispage, $set)) {
+ if (in_array($thispage, $set, true)) {
return $set;
}
}
@@ -23,7 +23,7 @@ class sspmod_portal_Portal {
function isPortalized($thispage) {
foreach($this->config AS $set) {
- if (in_array($thispage, $set)) {
+ if (in_array($thispage, $set, true)) {
return TRUE;
}
}
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
index 571b720e1..57782d419 100644
--- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
@@ -69,7 +69,7 @@ class sspmod_saml_Auth_Process_ExpectedAuthnContextClassRef extends SimpleSAML_A
$this->AuthnContextClassRef = $request['saml:sp:State']['saml:sp:AuthnContext'];
- if (!in_array($this->AuthnContextClassRef, $this->accepted)) {
+ if (!in_array($this->AuthnContextClassRef, $this->accepted, true)) {
$this->unauthorized($request);
}
}
diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index a2c862fe4..71add0415 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -96,7 +96,9 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
$state['SPMetadata']['NameIDPolicy'],
$state['SPMetadata']['NameIDFormat']
));
- if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats) && !$this->allowDifferent) {
+ if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
+ !$this->allowDifferent
+ ) {
SimpleSAML\Logger::debug(
'SQLPersistentNameID: SP expects different NameID format ('.
implode(', ', $validNameIdFormats).'), not generating persistent NameID.'
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 442e763b9..c1fc0ad3a 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -204,7 +204,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
SAML2\Constants::COMPARISON_MINIMUM,
SAML2\Constants::COMPARISON_MAXIMUM,
SAML2\Constants::COMPARISON_BETTER,
- ))) {
+ ), true)) {
$comp = $state['saml:AuthnContextComparison'];
}
$ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
@@ -411,7 +411,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
);
}
- if (!is_null($idp) && !in_array($idp, $intersection)) { // the IdP is enforced but not in the IDPList
+ if (!is_null($idp) && !in_array($idp, $intersection, true)) { // the IdP is enforced but not in the IDPList
throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
\SAML2\Constants::STATUS_REQUESTER,
'None of the IdPs requested are available to this proxy.'
@@ -476,7 +476,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
* We have at least one IdP in the IDPList that we recognize, and it's not the one currently in use. Let's
* see if this proxy enforces the use of one single IdP.
*/
- if (!is_null($this->idp) && !in_array($this->idp, $intersection)) { // an IdP is enforced but not requested
+ if (!is_null($this->idp) && !in_array($this->idp, $intersection, true)) { // an IdP is enforced but not requested
throw new SimpleSAML\Module\saml\Error\NoAvailableIDP(
\SAML2\Constants::STATUS_REQUESTER,
'None of the IdPs requested are available to this proxy.'
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 36d0e28b1..27ef6ae08 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -651,7 +651,7 @@ class sspmod_saml_Message
$lastError = 'No SubjectConfirmation element in Subject.';
$validSCMethods = array(\SAML2\Constants::CM_BEARER, \SAML2\Constants::CM_HOK, \SAML2\Constants::CM_VOUCHES);
foreach ($assertion->getSubjectConfirmation() as $sc) {
- if (!in_array($sc->Method, $validSCMethods)) {
+ if (!in_array($sc->Method, $validSCMethods, true)) {
$lastError = 'Invalid Method on SubjectConfirmation: '.var_export($sc->Method, true);
continue;
}
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 2e6b45371..e25f9817b 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -99,7 +99,7 @@ if ($state) {
if ($state['ExpectedIssuer'] !== $idp) {
$idpMetadata = $source->getIdPMetadata($idp);
$idplist = $idpMetadata->getArrayize('IDPList', array());
- if (!in_array($state['ExpectedIssuer'], $idplist)) {
+ if (!in_array($state['ExpectedIssuer'], $idplist, true)) {
throw new SimpleSAML_Error_Exception(
'The issuer of the response does not match to the identity provider we sent the request to.'
);
diff --git a/modules/statistics/lib/AccessCheck.php b/modules/statistics/lib/AccessCheck.php
index 9cbed6f13..f742b51d1 100644
--- a/modules/statistics/lib/AccessCheck.php
+++ b/modules/statistics/lib/AccessCheck.php
@@ -57,7 +57,7 @@ class sspmod_statistics_AccessCheck
}
// Check if userid is allowed access..
- if (in_array($attributes[$useridattr][0], $allowedusers)) {
+ if (in_array($attributes[$useridattr][0], $allowedusers, true)) {
SimpleSAML\Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
return;
}
diff --git a/modules/statistics/lib/LogCleaner.php b/modules/statistics/lib/LogCleaner.php
index a39d83fb6..40915f255 100644
--- a/modules/statistics/lib/LogCleaner.php
+++ b/modules/statistics/lib/LogCleaner.php
@@ -155,7 +155,7 @@ class sspmod_statistics_LogCleaner
}
$trackid = $content[4];
- if (in_array($trackid, $todelete)) {
+ if (in_array($trackid, $todelete, true)) {
continue;
}
diff --git a/modules/statistics/lib/Ruleset.php b/modules/statistics/lib/Ruleset.php
index 643a118e5..45f6ecdfd 100644
--- a/modules/statistics/lib/Ruleset.php
+++ b/modules/statistics/lib/Ruleset.php
@@ -74,7 +74,7 @@ class sspmod_statistics_Ruleset
{
$rule = $this->statconfig->getString('default', $this->availrules[0]);
if (!empty($preferRule)) {
- if (in_array($preferRule, $this->availrules)) {
+ if (in_array($preferRule, $this->availrules, true)) {
$rule = $preferRule;
}
}
diff --git a/modules/statistics/lib/Statistics/Rulesets/BaseRule.php b/modules/statistics/lib/Statistics/Rulesets/BaseRule.php
index 865cd2782..3bb6e482d 100644
--- a/modules/statistics/lib/Statistics/Rulesets/BaseRule.php
+++ b/modules/statistics/lib/Statistics/Rulesets/BaseRule.php
@@ -70,7 +70,7 @@ class sspmod_statistics_Statistics_Rulesets_BaseRule
$timeres = $timeresavailable[0];
// Then check if the user have provided one that is valid
- if (in_array($preferTimeRes, $timeresavailable)) {
+ if (in_array($preferTimeRes, $timeresavailable, true)) {
$timeres = $preferTimeRes;
}
return $timeres;
@@ -81,7 +81,7 @@ class sspmod_statistics_Statistics_Rulesets_BaseRule
// Get which time (fileslot) to use.. First get a default, which is the most recent one.
$fileslot = $this->available[$timeres][count($this->available[$timeres]) - 1];
// Then check if the user have provided one.
- if (in_array($preferTime, $this->available[$timeres])) {
+ if (in_array($preferTime, $this->available[$timeres], true)) {
$fileslot = $preferTime;
}
return $fileslot;
diff --git a/modules/statistics/www/statmeta.php b/modules/statistics/www/statmeta.php
index 0959bf1e5..91a5fe4aa 100644
--- a/modules/statistics/www/statmeta.php
+++ b/modules/statistics/www/statmeta.php
@@ -12,13 +12,13 @@ $metadata = $aggr->getMetadata();
$t = new SimpleSAML_XHTML_Template($config, 'statistics:statmeta.tpl.php');
if ($metadata !== null) {
- if (in_array('lastrun', $metadata)) {
+ if (in_array('lastrun', $metadata, true)) {
$metadata['lastrun'] = date('l jS \of F Y H:i:s', $metadata['lastrun']);
}
- if (in_array('notBefore', $metadata)) {
+ if (in_array('notBefore', $metadata, true)) {
$metadata['notBefore'] = date('l jS \of F Y H:i:s', $metadata['notBefore']);
}
- if (in_array('memory', $metadata)) {
+ if (in_array('memory', $metadata, true)) {
$metadata['memory'] = number_format($metadata['memory'] / (1024 * 1024), 2);
}
$t->data['metadata'] = $metadata;
--
GitLab