From 77308f6a6568ebd974bb4826e7a64bba2c80647e Mon Sep 17 00:00:00 2001
From: Jelle Witteveen <jelle@wittev1.com>
Date: Wed, 7 Nov 2018 15:29:50 +0100
Subject: [PATCH] add a filter to remain SAML2INT-compliant

---
 modules/saml/lib/Message.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index cda90f176..3d79a417a 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -658,6 +658,15 @@ class Message
         // check various properties of the assertion
         $config = \SimpleSAML\Configuration::getInstance();
         $allowed_assertion_offset = $config->getInteger('assertion.allowed_offset', 60);
+        $options = [
+            'options' => [
+                'default' => 60, // value to return if the filter fails
+                // other options here
+                'min_range' => 0,
+                'max_range' => 300,
+            ],
+        ];
+        $allowed_assertion_offset = filter_var($allowed_assertion_offset, FILTER_VALIDATE_INT, $options);
         $notBefore = $assertion->getNotBefore();
         if ($notBefore !== null && $notBefore > time() + $allowed_assertion_offset) {
             throw new \SimpleSAML\Error\Exception(
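Review bot: An out-of-range `assertion.allowed_offset` is silently replaced with 60 by the `'default'` option of the added `filter_var()` call, so an operator who configures, say, 600 or a negative value gets no sign that a different skew tolerance is in force. Because this value bounds how far outside its validity window an assertion is still accepted, a misconfiguration should be visible: either log before falling back, e.g. `\SimpleSAML\Logger::warning('assertion.allowed_offset outside 0-300, using 60');`, or fail at load time with `$config->getIntegerRange('assertion.allowed_offset', 0, 300, 60);` if that helper is available in this version. The placeholder comment `// other options here` looks like a leftover from a manual example and can be dropped. The literals 60 and 300 would read better as named constants with a comment pointing to the SAML2INT requirement. The enclosing method starts and ends outside this hunk, so any later use of the offset (for example on NotOnOrAfter) is not visible here.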
-- 
GitLab