Commit 9620b813 authored by Olav Morken's avatar Olav Morken

SAML2:SingleLogoutService - Remove magic quotes from parameters.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@118 44740490-163a-0410-bde0-09ae8108e29a
parent ed20e581
...@@ -135,7 +135,21 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -135,7 +135,21 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
throw new Exception('SAMLRequest parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)'); throw new Exception('SAMLRequest parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)');
} }
$rawRequest = $get["SAMLRequest"]; $rawRequest = $get["SAMLRequest"];
$relaystate = isset($get["RelayState"]) ? $get["RelayState"] : null; /* We don't need to remove any magic quotes from the
* SAMLRequest parameter since this parameter is guaranteed
* to be base64-encoded.
*/
/* Check if a RelayState was provided with the request. */
if(array_key_exists('RelayState', $get)) {
$relaystate = $get['RelayState'];
/* Remove any magic quotes that php may have added. */
if(get_magic_quotes_gpc()) {
$relaystate = stripslashes($relaystate);
}
} else {
$relaystate = NULL;
}
$samlRequestXML = gzinflate(base64_decode( $rawRequest )); $samlRequestXML = gzinflate(base64_decode( $rawRequest ));
...@@ -157,7 +171,21 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -157,7 +171,21 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
throw new Exception('SAMLResponse parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)'); throw new Exception('SAMLResponse parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)');
} }
$rawRequest = $get["SAMLResponse"]; $rawRequest = $get["SAMLResponse"];
$relaystate = isset($get["RelayState"]) ? $get["RelayState"] : null; /* We don't need to remove any magic quotes from the
* SAMLResponse parameter since this parameter is guaranteed
* to be base64-encoded.
*/
/* Check if a RelayState was provided with the request. */
if(array_key_exists('RelayState', $get)) {
$relaystate = $get['RelayState'];
/* Remove any magic quotes that php may have added. */
if(get_magic_quotes_gpc()) {
$relaystate = stripslashes($relaystate);
}
} else {
$relaystate = NULL;
}
$samlRequestXML = gzinflate(base64_decode( $rawRequest )); $samlRequestXML = gzinflate(base64_decode( $rawRequest ));
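Review bot: The new comment says the SAMLRequest parameter is "guaranteed to be base64-encoded", but the value is read straight from `$get` and is whatever the client sent, so nothing guarantees that. The accurate reason for skipping `stripslashes()` is that well-formed base64 contains none of the characters magic quotes escape; I would word the comment that way, e.g. `/* Valid base64 has no characters that magic quotes would escape, so no unquoting is needed; malformed input is rejected below. */`. To make that hold, the context line `gzinflate(base64_decode( $rawRequest ))` should decode strictly and check the result before inflating, along the lines of `$decoded = base64_decode($rawRequest, TRUE); if ($decoded === FALSE) throw new Exception('Invalid SAMLRequest encoding');`, with the return value of `gzinflate()` checked for `FALSE` as well. The same applies to the SAMLResponse hunk at @@ -157, and both enclosing methods start and end outside the hunks.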
......
...@@ -75,6 +75,10 @@ if ($spentityid) { ...@@ -75,6 +75,10 @@ if ($spentityid) {
$relayState = SimpleSAML_Utilities::selfURL(); $relayState = SimpleSAML_Utilities::selfURL();
if (isset($_GET['RelayState'])) { if (isset($_GET['RelayState'])) {
$relayState = $_GET['RelayState']; $relayState = $_GET['RelayState'];
/* Remove any magic quotes that php may have added. */
if(get_magic_quotes_gpc()) {
$relayState = stripslashes($relayState);
}
} }
//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP' //$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
...@@ -122,6 +126,10 @@ try { ...@@ -122,6 +126,10 @@ try {
$relayState = SimpleSAML_Utilities::selfURL(); $relayState = SimpleSAML_Utilities::selfURL();
if (isset($_GET['RelayState'])) { if (isset($_GET['RelayState'])) {
$relayState = $_GET['RelayState']; $relayState = $_GET['RelayState'];
/* Remove any magic quotes that php may have added. */
if(get_magic_quotes_gpc()) {
$relayState = stripslashes($relayState);
}
} }
//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP' //$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
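Review bot: The added `stripslashes($relayState)` assumes `$_GET['RelayState']` is a string, but PHP builds an array when the parameter name carries brackets, and the surrounding `isset()` passes for that case too. A type check before the unquoting would close this, e.g. `if (!is_string($_GET['RelayState'])) { throw new Exception('RelayState must be a string'); }`. The same four lines are added in both hunks here (@@ -75 and @@ -122) and, in slightly different form, twice in the HTTPRedirect binding, so one shared helper for reading an unquoted GET parameter would keep them consistent. If RelayState is later used as a redirect target it presumably also needs validating against the expected URLs; that use is outside the hunk.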
......