Use AttributeValue serializable objects instead of dumping manually the XML contents. (6d215c0b) · Commits · Perun / Perun ProxyIdP / v1 / simplesamlphp · GitLab

Snippets Groups Projects

This is an archived project. Repository and other project resources are read-only.

Commit 6d215c0b authored 8 years ago by Jaime Pérez

Use AttributeValue serializable objects instead of dumping manually the XML contents.

This way, we avoid completely any possible XXE attack, and simplify the code as we don't need to deal directly with the DOM. The entire AttributeValue will be saved to the backend as XML, and then recovered back when unserializing.

parent f261dfc1

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 16 deletions

Pavel Břoušek @433364
mentioned in commit b5e25931
· 2 years ago

mentioned in commit b5e25931

mentioned in commit b5e25931e9fee559d737e2ab99f239cc990a60a2

Toggle commit list

Please register or to comment