Commit 8f4ae1be authored by Jaime Pérez Crespo

Perform additional checks on URLs before allowing them.

parent 37a65f6a
...@@ -341,6 +341,13 @@ class HTTP ...@@ -341,6 +341,13 @@ class HTTP
$components = parse_url($url); $components = parse_url($url);
$hostname = $components['host']; $hostname = $components['host'];
// check for userinfo
if ((isset($components['user']) && strpos($components['user'], '\\') !== false) ||
(isset($components['pass']) && strpos($components['pass'], '\\') !== false)
) {
throw new \SimpleSAML_Error_Exception('Invalid URL: '.$url);
}
// allow URLs with standard ports specified (non-standard ports must then be allowed explicitly) // allow URLs with standard ports specified (non-standard ports must then be allowed explicitly)
if (isset($components['port']) && if (isset($components['port']) &&
(($components['scheme'] === 'http' && $components['port'] !== 80) || (($components['scheme'] === 'http' && $components['port'] !== 80) ||
......
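Review bot: the added comment `// check for userinfo` does not say why a backslash in `$components['user']` or `$components['pass']` is grounds for rejecting the whole URL, and the exception message only reports `Invalid URL: ` followed by the URL, so neither the code nor a log line explains what was wrong. Expand the comment to state the rationale for singling out `\\` in the userinfo (so a later maintainer does not relax or drop the check as redundant), and consider naming the offending component in the exception text, e.g. `'Invalid URL (backslash in userinfo): '.$url`, so rejections from this method can be diagnosed without reproducing the request.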