Move SimpleSAML_Utilities:::doRedirect() to SimpleSAML\Utils\HTTP::redirect().

8ac8d408 · Jaime Perez Crespo · 1e079f45 · 8ac8d408
Commit 8ac8d408 authored 10 years ago by Jaime Perez Crespo
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -65,6 +65,108 @@ class HTTP
    }
+    /**
+     * Retrieve the port number from $_SERVER environment variables.
+     *
+     * @return string The port number prepended by a colon, if it is different than the default port for the protocol
+     *     (80 for HTTP, 443 for HTTPS), or an empty string otherwise.
+     *
+     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+     */
+    private static function getServerPort()
+    {
+        $port = (isset($_SERVER['SERVER_PORT'])) ? $_SERVER['SERVER_PORT'] : '80';
+        if (self::getServerHTTPS()) {
+            if ($port !== '443') {
+                $port = ':'.$port;
+            }
+        } else {
+            if ($port !== '80') {
+                $port = ':'.$port;
+            }
+        }
+        return $port;
+    }
+    /**
+     * This function redirects the user to the specified address.
+     *
+     * This function will use the "HTTP 303 See Other" redirection if the current request used the POST method and the
+     * HTTP version is 1.1. Otherwise, a "HTTP 302 Found" redirection will be used.
+     *
+     * The function will also generate a simple web page with a clickable link to the target page.
+     *
+     * @param string   $url The URL we should redirect to. This URL may include query parameters. If this URL is a
+     *     relative URL (starting with '/'), then it will be turned into an absolute URL by prefixing it with the
+     *     absolute URL to the root of the website.
+     * @param string[] $parameters An array with extra query string parameters which should be appended to the URL. The
+     *     name of the parameter is the array index. The value of the parameter is the value stored in the index. Both
+     *     the name and the value will be urlencoded. If the value is NULL, then the parameter will be encoded as just
+     *     the name, without a value.
+     *
+     * @return void This function never returns.
+     * @throws \SimpleSAML_Error_Exception If $url is not a string or is empty, or $parameters is not an array.
+     *
+     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+     * @author Mads Freek Petersen
+     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     */
+    private static function redirect($url, $parameters = array())
+    {
+        if (!is_string($url) || empty($url) || !is_array($parameters)) {
+            throw new \SimpleSAML_Error_Exception('Invalid input parameters.');
+        }
+        if (!empty($parameters)) {
+            $url = self::addURLParameters($url, $parameters);
+        }
+        /* Set the HTTP result code. This is either 303 See Other or
+         * 302 Found. HTTP 303 See Other is sent if the HTTP version
+         * is HTTP/1.1 and the request type was a POST request.
+         */
+        if ($_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1' &&
+            $_SERVER['REQUEST_METHOD'] === 'POST'
+        ) {
+            $code = 303;
+        } else {
+            $code = 302;
+        }
+        if (strlen($url) > 2048) {
+            \SimpleSAML_Logger::warning('Redirecting to a URL longer than 2048 bytes.');
+        }
+        // set the location header
+        header('Location: '.$url, true, $code);
+        // disable caching of this response
+        header('Pragma: no-cache');
+        header('Cache-Control: no-cache, must-revalidate');
+        // show a minimal web page with a clickable link to the URL
+        echo '<?xml version="1.0" encoding="UTF-8"?>'."\n";
+        echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"';
+        echo ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'."\n";
+        echo '<html xmlns="http://www.w3.org/1999/xhtml">'."\n";
+        echo "  <head>\n";
+        echo '    <meta http-equiv="content-type" content="text/html; charset=utf-8">'."\n";
+        echo "    <title>Redirect</title>\n";
+        echo "  </head>\n";
+        echo "  <body>\n";
+        echo "    <h1>Redirect</h1>\n";
+        echo '      <p>You were redirected to: <a id="redirlink" href="'.htmlspecialchars($url).'">';
+        echo htmlspecialchars($url)."</a>\n";
+        echo '        <script type="text/javascript">document.getElementById("redirlink").focus();</script>'."\n";
+        echo "      </p>\n";
+        echo "  </body>\n";
+        echo '</html>';
+        // end script execution
+        exit;
+    }
    /**
     * Add one or more query parameters to the given URL.
     *
@@ -105,30 +207,6 @@ class HTTP
    }
-    /**
-     * Retrieve the port number from $_SERVER environment variables.
-     *
-     * @return string The port number prepended by a colon, if it is different than the default port for the protocol
-     *     (80 for HTTP, 443 for HTTPS), or an empty string otherwise.
-     *
-     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
-     */
-    private static function getServerPort()
-    {
-        $port = (isset($_SERVER['SERVER_PORT'])) ? $_SERVER['SERVER_PORT'] : '80';
-        if (self::getServerHTTPS()) {
-            if ($port !== '443') {
-                $port = ':'.$port;
-            }
-        } else {
-            if ($port !== '80') {
-                $port = ':'.$port;
-            }
-        }
-        return $port;
-    }
    /**
     * Parse a query string into an array.
     *