diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
index fd7762b6a0f9162755fcc9853870180e000573ab..fa044516bd42e2cd13cfec721993b0e28d493ce9 100644
--- a/lib/SimpleSAML/Utils/Config.php
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -67,6 +67,7 @@ class Config
 public static function getConfigDir()
 {
 $configDir = dirname(dirname(dirname(__DIR__))) . '/config';
+ /** @var string|false $configDirEnv */
 $configDirEnv = getenv('SIMPLESAMLPHP_CONFIG_DIR');
 if ($configDirEnv !== false) {
 if (!is_dir($configDirEnv)) {
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 2bf4b480a41aabadab0f2f5057da807690fe3ac2..5954743084743d96f78678462e5fe63342766d35 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -277,9 +277,6 @@ class Metadata
 \SimpleSAML\Logger::maskErrors(E_ALL);
 $hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY]);
 \SimpleSAML\Logger::popErrorMask();
- if (is_bool($hidden)) {
- return $hidden;
- }
- return false;
+ return $hidden;
 }
 }
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index c3279991658a13653be9c3f8a4b222f4754c398f..31f63aad934cc65303a86233bc359e60ea55de4c 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -24,7 +24,9 @@ class Crypto
 */
 private static function _aesDecrypt($ciphertext, $secret)
 {
- if (!is_string($ciphertext) || mb_strlen($ciphertext, '8bit') < 48) {
+ /** @var int $len */
+ $len = mb_strlen($ciphertext, '8bit');
+ if (!is_string($ciphertext) || $len < 48) {
 throw new \InvalidArgumentException(
 'Input parameter "$ciphertext" must be a string with more than 48 characters.'
 );
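Review bot: Returning `$hidden` directly drops the guard that turned a non-bool `in_array()` result into false; on PHP 7 a non-array haystack (the entity-category attribute missing or scalar, which is presumably why `maskErrors(E_ALL)` surrounds the call) makes `in_array()` return null with a suppressed warning, so the method now returns null where a bool is expected. Checking the shape beats masking errors: `$values = isset($metadata['EntityAttributes'][self::$ENTITY_CATEGORY]) ? $metadata['EntityAttributes'][self::$ENTITY_CATEGORY] : array();` followed by `return is_array($values) && in_array(self::$HIDE_FROM_DISCOVERY, $values, true);`, after which the mask/pop pair can go. The enclosing method starts before this hunk.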
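Review bot: In `_aesDecrypt` the new `$len = mb_strlen($ciphertext, '8bit');` runs before the `is_string($ciphertext)` test, so a non-string argument reaches `mb_strlen()` first (warning and null on PHP 7, TypeError on PHP 8) and the `InvalidArgumentException` the guard exists for is never thrown. Compute the length after the type check: keep `if (!is_string($ciphertext)) {` with its throw, then `$len = mb_strlen($ciphertext, '8bit');` and a second `if ($len < 48) {` raising the same exception. The message also says "more than 48 characters" while the condition accepts exactly 48, so "at least 48 bytes" would match the code; the method body continues past this hunk.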
@@ -38,7 +40,7 @@ class Crypto
 $hmac = mb_substr($ciphertext, 0, 32, '8bit');
 $iv = mb_substr($ciphertext, 32, 16, '8bit');
- $msg = mb_substr($ciphertext, 48, mb_strlen($ciphertext, '8bit') - 48, '8bit');
+ $msg = mb_substr($ciphertext, 48, $len - 48, '8bit');
 // authenticate the ciphertext
 if (self::secureCompare(hash_hmac('sha256', $iv.$msg, substr($key, 64, 64), true), $hmac)) {
@@ -46,7 +48,7 @@ class Crypto
 $msg,
 'AES-256-CBC',
 substr($key, 0, 64),
- defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true,
+ defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : 1,
 $iv
 );
@@ -106,11 +108,12 @@ class Crypto
 $iv = openssl_random_pseudo_bytes(16);
 // encrypt the message
- $ciphertext = $iv.openssl_encrypt(
+ /** @var string|false $ciphertext */
+ $ciphertext = openssl_encrypt(
 $data,
 'AES-256-CBC',
 substr($key, 0, 64),
- defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true,
+ defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : 1,
 $iv
 );
@@ -119,7 +122,7 @@ class Crypto
 }
 // return the ciphertext with proper authentication
- return hash_hmac('sha256', $ciphertext, substr($key, 64, 64), true).$ciphertext;
+ return hash_hmac('sha256', $iv.$ciphertext, substr($key, 64, 64), true).$iv.$ciphertext;
 }
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 688f2e739783bc8c6d3ab74d9a2b13a9544f623a..1f6e50cdbc0f4301c33af73729c60dc66c1d0de9 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -18,6 +18,7 @@ class HTTP
 * @param string $destination The destination URL.
 * @param array $data An associative array containing the data to be posted to $destination.
 *
+ * @throws \SimpleSAML_Error_Exception If the current session is transient.
 * @return string A URL which allows to securely post a form to $destination.
 *
 * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
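Review bot: The expression `defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : 1` is now spelled out identically in `_aesDecrypt` (@@ -46) and `aesEncrypt` (@@ -106); the literal fallback only matters on PHP releases older than 5.4, where the constant did not exist, so if the project no longer supports those both call sites can pass `OPENSSL_RAW_DATA` directly, and otherwise the expression belongs in one private helper so the encrypt and decrypt options cannot drift apart. The `/** @var string|false $ciphertext */` added in @@ -106 is only honest if the lines between that hunk and @@ -119, which are not shown, reject the false case before `hash_hmac` runs over `$iv.$ciphertext`; worth confirming, since an authenticated empty payload would otherwise be produced.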
@@ -27,8 +28,15 @@ class HTTP
 $session = \SimpleSAML_Session::getSessionFromRequest();
 $id = self::savePOSTData($session, $destination, $data);
+ // get the session ID
+ $session_id = $session->getSessionId();
+ if (is_null($session_id)) {
+ // this is a transient session, it is pointless to continue
+ throw new \SimpleSAML_Error_Exception('Cannot save POST data to a transient session.');
+ }
+
 // encrypt the session ID and the random ID
- $info = base64_encode(Crypto::aesEncrypt($session->getSessionId().':'.$id));
+ $info = base64_encode(Crypto::aesEncrypt($session_id.':'.$id));
 $url = Module::getModuleURL('core/postredirect.php', array('RedirInfo' => $info));
 return preg_replace('#^https:#', 'http:', $url);
@@ -246,6 +254,7 @@ class HTTP
 $oldQuery = array();
 $url .= '?';
 } else {
+ /** @var string|false $oldQuery */
 $oldQuery = substr($url, $queryStart + 1);
 if ($oldQuery === false) {
 $oldQuery = array();
@@ -255,6 +264,7 @@ class HTTP
 $url = substr($url, 0, $queryStart + 1);
 }
+ /** @var array $oldQuery */
 $query = array_merge($oldQuery, $parameters);
 $url .= http_build_query($query, '', '&');
@@ -265,7 +275,7 @@ class HTTP
 /**
 * Check for session cookie, and show missing-cookie page if it is missing.
 *
- * @param string|NULL $retryURL The URL the user should access to retry the operation. Defaults to null.
+ * @param string|null $retryURL The URL the user should access to retry the operation. Defaults to null.
 *
 * @return void If there is a session cookie, nothing will be returned. Otherwise, the user will be redirected to a
 * page telling about the missing cookie.
@@ -275,7 +285,7 @@ class HTTP
 */
 public static function checkSessionCookie($retryURL = null)
 {
- if (!is_string($retryURL) && !is_null($retryURL)) {
+ if (!is_null($retryURL) && !is_string($retryURL)) {
 throw new \InvalidArgumentException('Invalid input parameters.');
 }
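Review bot: The transient-session check is placed after `$id = self::savePOSTData($session, $destination, $data);`, so the POST data is written into the session first and only then is the session declared unusable and the exception thrown. Move `$session_id = $session->getSessionId();` and the `is_null($session_id)` guard above the `savePOSTData` call so nothing is stored when the function cannot succeed. `$session_id` also introduces snake_case into a file whose locals are camelCase (`$oldQuery`, `$retryURL`); `$sessionId` would match. The method signature sits above this hunk.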
@@ -432,7 +442,8 @@ class HTTP
 $data = file_get_contents($url, false, $context);
 if ($data === false) {
 $error = error_get_last();
- throw new \SimpleSAML_Error_Exception('Error fetching '.var_export($url, true).':'.$error['message']);
+ throw new \SimpleSAML_Error_Exception('Error fetching '.var_export($url, true).':'.
+ (is_array($error) ? $error['message'] : 'no error available'));
 }
 // data and headers
@@ -694,7 +705,9 @@ class HTTP
 {
 $url = self::getBaseURL();
- $start = strpos($url, '://') + 3;
+ /** @var int $colon getBaseURL() will allways return a valid URL */
+ $colon = strpos($url, '://');
+ $start = $colon + 3;
 $length = strcspn($url, '/', $start);
 return substr($url, $start, $length);
@@ -787,7 +800,10 @@ class HTTP
 public static function getSelfURLHost()
 {
 $url = self::getSelfURL();
- $start = strpos($url, '://') + 3;
+
+ /** @var int $colon getBaseURL() will allways return a valid URL */
+ $colon = strpos($url, '://');
+ $start = $colon + 3;
 $length = strcspn($url, '/', $start) + $start;
 return substr($url, 0, $length);
 }
@@ -1057,6 +1073,8 @@ class HTTP
 * @throws \InvalidArgumentException If any parameter has an incorrect type.
 * @throws \SimpleSAML\Error\CannotSetCookie If the headers were already sent and the cookie cannot be set.
 *
+ * @return void
+ *
 * @author Andjelko Horvat
 * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
 */
@@ -1152,6 +1170,8 @@ class HTTP
 *
 * @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
 *
+ * @return void
+ *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 * @author Andjelko Horvat
 * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
diff --git a/lib/SimpleSAML/Utils/Net.php b/lib/SimpleSAML/Utils/Net.php
index 1ae6cedbd074436de0c2197467d57f6d47f9dfeb..96526ad68349438dd947424d32624eb0e633dfd6 100644
--- a/lib/SimpleSAML/Utils/Net.php
+++ b/lib/SimpleSAML/Utils/Net.php
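Review bot: The annotation added in `getSelfURLHost` (@@ -787) says `getBaseURL() will allways return a valid URL` although the value it describes comes from `self::getSelfURL()`, and the copy in @@ -694 carries the same spelling error; they should read `/** @var int $colon getSelfURL() will always return a valid URL */` and `/** @var int $colon getBaseURL() will always return a valid URL */` respectively. Note that `@var int` only quiets the analyzer: should `strpos()` ever return false, `$colon + 3` still evaluates to 3 and a wrong host is returned instead of an error, so a real `if ($colon === false)` guard that throws would be the safer form in both methods. The method in @@ -694 begins above the hunk.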
@@ -33,6 +33,7 @@ class Net
 }
 list ($net, $mask) = explode('/', $cidr);
+ $mask = intval($mask);
 $ip_ip = array();
 $ip_net = array();
diff --git a/lib/SimpleSAML/Utils/Random.php b/lib/SimpleSAML/Utils/Random.php
index 8e42a587c7b7fc247ada72c5a14b2091467c4f86..b53ace2e5a5f40e1af4632c40db0a3a4421018ac 100644
--- a/lib/SimpleSAML/Utils/Random.php
+++ b/lib/SimpleSAML/Utils/Random.php
@@ -25,6 +25,6 @@ class Random
 */
 public static function generateID()
 {
- return '_'.bin2hex(openssl_random_pseudo_bytes((self::ID_LENGTH - 1)/2));
+ return '_'.bin2hex(openssl_random_pseudo_bytes((int)((self::ID_LENGTH - 1)/2)));
 }
 }
\ No newline at end of file
diff --git a/lib/SimpleSAML/Utils/System.php b/lib/SimpleSAML/Utils/System.php
index ec8b8ba1a2d36c5825861c20e00a6938e7705c74..43c0b9b55431568f5d4ce3d0585ec5e7fb1343b0 100644
--- a/lib/SimpleSAML/Utils/System.php
+++ b/lib/SimpleSAML/Utils/System.php
@@ -83,7 +83,8 @@ class System
 if (!mkdir($tempDir, 0700, true)) {
 $error = error_get_last();
 throw new \SimpleSAML_Error_Exception(
- 'Error creating temporary directory "'.$tempDir.'": '.$error['message']
+ 'Error creating temporary directory "'.$tempDir.'": '.
+ (is_array($error) ? $error['message'] : 'no error available')
 );
 }
 } elseif (function_exists('posix_getuid')) {
@@ -169,6 +170,8 @@ class System
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 * @author Andjelko Horvat
 * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ *
+ * @return void
 */
 public static function writeFile($filename, $data, $mode = 0600)
 {
@@ -182,7 +185,8 @@ class System
 if ($res === false) {
 $error = error_get_last();
 throw new \SimpleSAML_Error_Exception(
- 'Error saving file "'.$tmpFile.'": '.$error['message']
+ 'Error saving file "'.$tmpFile.'": '.
+ (is_array($error) ? $error['message'] : 'no error available')
 );
 }
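Review bot: `$mask = intval($mask);` coerces any non-numeric, empty or missing prefix length to 0 — `explode('/', $cidr)` yields a single element when there is no slash, so `list()` leaves `$mask` null — and a mask of 0 matches every address, which is a fail-open outcome if this check backs an allow-list. Validate instead of coercing, e.g. `if (!ctype_digit((string) $mask) || (int) $mask > 32) {` and reject the input the same way the validation block closing just above the `list()` call does (that block, and the rest of the function, are outside the hunk, so part of this may already be covered there; widen the bound if IPv6 prefixes are accepted here).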
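Review bot: The rewritten `generateID` line still calls `openssl_random_pseudo_bytes()` without its `$crypto_strong` out-parameter, so on PHP 7 a weak or failed CSPRNG call is accepted silently and `bin2hex(false)` makes the ID collapse to a bare `_`. If the project targets PHP 7 or later, `random_bytes()` throws on failure and is the standard choice: `return '_'.bin2hex(random_bytes((int)((self::ID_LENGTH - 1)/2)));`; otherwise pass `$strong` and throw when it comes back false. The `(int)` cast is a no-op for an odd `ID_LENGTH` and only truncates for an even one, which a short comment on the constant would make explicit.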
@@ -190,8 +194,10 @@ class System
 if (!chmod($tmpFile, $mode)) {
 unlink($tmpFile);
 $error = error_get_last();
+ //$error = (is_array($error) ? $error['message'] : 'no error available');
 throw new \SimpleSAML_Error_Exception(
- 'Error changing file mode of "'.$tmpFile.'": '.$error['message']
+ 'Error changing file mode of "'.$tmpFile.'": '.
+ (is_array($error) ? $error['message'] : 'no error available')
 );
 }
 }
@@ -200,7 +206,8 @@ class System
 unlink($tmpFile);
 $error = error_get_last();
 throw new \SimpleSAML_Error_Exception(
- 'Error moving "'.$tmpFile.'" to "'.$filename.'": '.$error['message']
+ 'Error moving "'.$tmpFile.'" to "'.$filename.'": '.
+ (is_array($error) ? $error['message'] : 'no error available')
 );
 }
diff --git a/lib/SimpleSAML/Utils/Time.php b/lib/SimpleSAML/Utils/Time.php
index 3eebe50b5251aad60c238981e3257dc71c923c6b..be8d47b2d9986a55c12d849bc490a42e59dcaef9 100644
--- a/lib/SimpleSAML/Utils/Time.php
+++ b/lib/SimpleSAML/Utils/Time.php
@@ -44,6 +44,10 @@ class Time
 * This function should be called before any calls to date().
 *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ *
+ * @throws \SimpleSAML_Error_Exception If the timezone set in the configuration is invalid.
+ *
+ * @return void
 */
 public static function initTimezone()
 {
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index d3c6dd77347bffd35ad0267fa93fdca7c30ebc9e..48628be40e1388b0916f96b946ee93f4f9554a4f 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -27,6 +27,8 @@ class XML
 * values allowed.
 * @throws \SimpleSAML_Error_Exception If $message contains a doctype declaration.
 *
+ * @return void
+ *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
 */
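Review bot: The `chmod` branch leaves a commented-out line, `//$error = (is_array($error) ? $error['message'] : 'no error available');`, above the throw; commented-out code should be deleted, and the idea it hints at is the better shape, because the same ternary is now repeated in four places in this file (@@ -83, @@ -182, here and @@ -200). Either assign it once per site, `$msg = is_array($error) ? $error['message'] : 'no error available';`, or wrap `error_get_last()` in one private static helper so the wording and the null handling stay consistent. In the `chmod` and rename branches `unlink($tmpFile)` also runs between the failing call and `error_get_last()`, so if the unlink itself fails its message replaces the one being reported; reading the error before unlinking keeps the original cause. `writeFile` begins above these hunks.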
@@ -85,6 +87,8 @@ class XML
 *
 * @throws \InvalidArgumentException If $type is not a string or $message is neither a string nor a \DOMElement.
 *
+ * @return void
+ *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 */
 public static function debugSAMLMessage($message, $type)
@@ -139,15 +143,17 @@ class XML
 * This function takes in a DOM element, and inserts whitespace to make it more readable. Note that whitespace
 * added previously will be removed.
 *
- * @param \DOMElement $root The root element which should be formatted.
+ * @param \DOMNode $root The root element which should be formatted.
 * @param string $indentBase The indentation this element should be assumed to have. Defaults to an empty
 * string.
 *
 * @throws \InvalidArgumentException If $root is not a DOMElement or $indentBase is not a string.
 *
+ * @return void
+ *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 */
- public static function formatDOMElement(\DOMElement $root, $indentBase = '')
+ public static function formatDOMElement(\DOMNode $root, $indentBase = '')
 {
 if (!is_string($indentBase)) {
 throw new \InvalidArgumentException('Invalid input parameters');
@@ -158,6 +164,7 @@ class XML
 $textNodes = array(); // text nodes which should be deleted
 $childNodes = array(); // other child nodes
 for ($i = 0; $i < $root->childNodes->length; $i++) {
+ /** @var \DOMElement $child */
 $child = $root->childNodes->item($i);
 if ($child instanceof \DOMText) {
@@ -279,6 +286,7 @@ class XML
 $ret = array();
 for ($i = 0; $i < $element->childNodes->length; $i++) {
+ /** @var \DOMElement $child */
 $child = $element->childNodes->item($i);
 // skip text nodes and comment elements
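Review bot: `formatDOMElement` now accepts any `\DOMNode`, but the docblock a few lines above still reads `@throws \InvalidArgumentException If $root is not a DOMElement or $indentBase is not a string.`; with the type hint in place a wrong node type is a TypeError rather than that exception, so the tag should be narrowed to `@throws \InvalidArgumentException If $indentBase is not a string.` and the `@param` description's "root element" become "root node". Widening a public parameter type is compatible for existing callers, but it is an API change and deserves a line in the method description saying documents and fragments are accepted, if that is the intent.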
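Review bot: `/** @var \DOMElement $child */` in @@ -158 mis-describes the value it annotates: `$root->childNodes->item($i)` yields a `\DOMNode` (text, comment and element nodes alike, which is exactly what the `instanceof \DOMText` test on the next line distinguishes) and null once `$i` is out of range. Declaring it a DOMElement makes the following instanceof checks look impossible to the analyzer and hides the null case. Use `/** @var \DOMNode $child */` here, at the same annotation in @@ -279, and at the one added in `getDOMText` (@@ -301); both enclosing methods continue past their hunks.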
@@ -301,20 +309,16 @@ class XML
 * @param \DOMElement $element The element we should extract text from.
 *
 * @return string The text content of the element.
- * @throws \InvalidArgumentException If $element is not an instance of DOMElement.
 * @throws \SimpleSAML_Error_Exception If the element contains a non-text child node.
 *
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 */
 public static function getDOMText(\DOMElement $element)
 {
- if (!($element instanceof \DOMElement)) {
- throw new \InvalidArgumentException('Invalid input parameters');
- }
-
 $txt = '';
 for ($i = 0; $i < $element->childNodes->length; $i++) {
+ /** @var \DOMElement $child */
 $child = $element->childNodes->item($i);
 if (!($child instanceof \DOMText)) {
 throw new \SimpleSAML_Error_Exception($element->localName.' contained a non-text child node.');
@@ -425,9 +429,10 @@ class XML
 }
 if ($res) {
- $config = \SimpleSAML_Configuration::getInstance();
- $schemaPath = $config->resolvePath('schemas').'/';
+ /** @var string $schemaPath */
+ $schemaPath = $config->resolvePath('schemas');
+ $schemaPath .= './';
 $schemaFile = $schemaPath.$schema;
 $res = $dom->schemaValidate($schemaFile);
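Review bot: `$schemaPath .= './';` followed by the unchanged `$schemaFile = $schemaPath.$schema;` builds a path of the form `<schemas dir>./<schema>`; the removed line appended `'/'`, so the separator has gained a literal dot and `schemaValidate()` is handed a file that does not exist, turning every schema validation into a failure rather than a check. Restore the separator, `$schemaPath .= '/';`. The hunk also deletes `$config = \SimpleSAML_Configuration::getInstance();` while the new line still reads `$config->resolvePath('schemas')`; unless `$config` is assigned earlier in the method, outside this hunk, that variable is now undefined. This hunk appears to continue past the end of the visible chunk, so the lines after `schemaValidate()` were not reviewed.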