Skip to content
Snippets Groups Projects
Commit 98686f3e authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo
Browse files

Verify URLs before using them.

parent 06c80dd9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SimpleSAML/Utils/HTTP.php
+ 36
6
View file @ 98686f3e
...@@ -125,6 +125,27 @@ class HTTP ...@@ -125,6 +125,27 @@ class HTTP
} }
/**
* Verify that a given URL is valid.
*
* @param string $url The URL we want to verify.
*
* @return boolean True if the given URL is valid, false otherwise.
*/
public static function isValidURL($url)
{
$url = filter_var($url, FILTER_VALIDATE_URL);
if ($url === false) {
return false;
}
$scheme = parse_url($url, PHP_URL_SCHEME);
if ($scheme !== false && in_array(strtolower($scheme), ['http', 'https'], true)) {
return true;
}
return false;
}
/** /**
* This function redirects the user to the specified address. * This function redirects the user to the specified address.
* *
...@@ -143,6 +164,7 @@ class HTTP ...@@ -143,6 +164,7 @@ class HTTP
* *
* @return void This function never returns. * @return void This function never returns.
* @throws \InvalidArgumentException If $url is not a string or is empty, or $parameters is not an array. * @throws \InvalidArgumentException If $url is not a string or is empty, or $parameters is not an array.
* @throws \SimpleSAML\Error\Exception If $url is not a valid HTTP URL.
* *
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no> * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
* @author Mads Freek Petersen * @author Mads Freek Petersen
...@@ -153,6 +175,10 @@ class HTTP ...@@ -153,6 +175,10 @@ class HTTP
if (!is_string($url) || empty($url) || !is_array($parameters)) { if (!is_string($url) || empty($url) || !is_array($parameters)) {
throw new \InvalidArgumentException('Invalid input parameters.'); throw new \InvalidArgumentException('Invalid input parameters.');
} }
if (!self::isValidURL($url)) {
throw new Error\Exception('Invalid destination URL.');
}
if (!empty($parameters)) { if (!empty($parameters)) {
$url = self::addURLParameters($url, $parameters); $url = self::addURLParameters($url, $parameters);
} }
...@@ -329,7 +355,7 @@ class HTTP ...@@ -329,7 +355,7 @@ class HTTP
} }
$url = self::normalizeURL($url); $url = self::normalizeURL($url);
if (filter_var($url, FILTER_VALIDATE_URL) === false) { if (!self::isValidURL($url)) {
throw new Error\Exception('Invalid URL: '.$url); throw new Error\Exception('Invalid URL: '.$url);
} }
...@@ -634,7 +660,7 @@ class HTTP ...@@ -634,7 +660,7 @@ class HTTP
*/ */
$c = $globalConfig->toArray(); $c = $globalConfig->toArray();
$c['baseurlpath'] = self::guessBasePath(); $c['baseurlpath'] = self::guessBasePath();
throw new \SimpleSAML\Error\CriticalConfigurationError( throw new Error\CriticalConfigurationError(
'Invalid value for \'baseurlpath\' in config.php. Valid format is in the form: '. 'Invalid value for \'baseurlpath\' in config.php. Valid format is in the form: '.
'[(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]. It must end with a \'/\'.', '[(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]. It must end with a \'/\'.',
null, null,
...@@ -1144,9 +1170,9 @@ class HTTP ...@@ -1144,9 +1170,9 @@ class HTTP
// Do not set secure cookie if not on HTTPS // Do not set secure cookie if not on HTTPS
if ($params['secure'] && !self::isHTTPS()) { if ($params['secure'] && !self::isHTTPS()) {
if ($throw) { if ($throw) {
throw new \SimpleSAML\Error\CannotSetCookie( throw new Error\CannotSetCookie(
'Setting secure cookie on plain HTTP is not allowed.', 'Setting secure cookie on plain HTTP is not allowed.',
\SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE Error\CannotSetCookie::SECURE_COOKIE
); );
} }
Logger::warning('Error setting cookie: setting secure cookie on plain HTTP is not allowed.'); Logger::warning('Error setting cookie: setting secure cookie on plain HTTP is not allowed.');
...@@ -1187,9 +1213,9 @@ class HTTP ...@@ -1187,9 +1213,9 @@ class HTTP
if (!$success) { if (!$success) {
if ($throw) { if ($throw) {
throw new \SimpleSAML\Error\CannotSetCookie( throw new Error\CannotSetCookie(
'Headers already sent.', 'Headers already sent.',
\SimpleSAML\Error\CannotSetCookie::HEADERS_SENT Error\CannotSetCookie::HEADERS_SENT
); );
} }
Logger::warning('Error setting cookie: headers already sent.'); Logger::warning('Error setting cookie: headers already sent.');
...@@ -1206,6 +1232,7 @@ class HTTP ...@@ -1206,6 +1232,7 @@ class HTTP
* @param array $data An associative array with the data to be posted to $destination. * @param array $data An associative array with the data to be posted to $destination.
* *
* @throws \InvalidArgumentException If $destination is not a string or $data is not an array. * @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
* @throws \SimpleSAML\Error\Exception If $destination is not a valid HTTP URL.
* *
* @return void * @return void
* *
...@@ -1218,6 +1245,9 @@ class HTTP ...@@ -1218,6 +1245,9 @@ class HTTP
if (!is_string($destination) || !is_array($data)) { if (!is_string($destination) || !is_array($data)) {
throw new \InvalidArgumentException('Invalid input parameters.'); throw new \InvalidArgumentException('Invalid input parameters.');
} }
if (!self::isValidURL($destination)) {
throw new Error\Exception('Invalid destination URL.');
}
$config = Configuration::getInstance(); $config = Configuration::getInstance();
$allowed = $config->getBoolean('enable.http_post', false); $allowed = $config->getBoolean('enable.http_post', false);
......
modules/core/www/postredirect.php
+ 4
0
View file @ 98686f3e
...@@ -44,6 +44,10 @@ assert(is_array($postData)); ...@@ -44,6 +44,10 @@ assert(is_array($postData));
assert(array_key_exists('url', $postData)); assert(array_key_exists('url', $postData));
assert(array_key_exists('post', $postData)); assert(array_key_exists('post', $postData));
if (!\SimpleSAML\Utils\HTTP::isValidURL($destination)) {
throw new \SimpleSAML\Error\Exception('Invalid destination URL.');
}
$config = \SimpleSAML\Configuration::getInstance(); $config = \SimpleSAML\Configuration::getInstance();
$template = new \SimpleSAML\XHTML\Template($config, 'post.php'); $template = new \SimpleSAML\XHTML\Template($config, 'post.php');
$template->data['destination'] = $postData['url']; $template->data['destination'] = $postData['url'];
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment