diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 0b27c03c4ae7ff8b92e04f1e51fee5e0e98471c2..5987ceba8576ce2ffbc17f46e41622537b0c681b 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -74,8 +74,9 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 private static function extractResponse($soapResponse) {
 assert('is_string($soapResponse)');
- $doc = new DOMDocument();
- if (!$doc->loadXML($soapResponse)) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($soapResponse);
+ } catch(\Exception $e) {
 throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.');
 }
@@ -101,7 +102,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 * Save the <saml1p:Response> element. Note that we need to import it
 * into a new document, in order to preserve namespace declarations.
 */
- $newDoc = new DOMDocument();
+ $newDoc = SAML2_DOMDocumentFactory::create();
 $newDoc->appendChild($newDoc->importNode($responseElement, TRUE));
 $responseXML = $newDoc->saveXML();
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 70624ceb91e239910269bd0324776137010750c7..0cd3e16885cb6580e44f761e55b902ed443a17c8 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -58,8 +58,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost
 $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true);
 $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true);
- $responsedom = new DOMDocument();
- $responsedom->loadXML(str_replace("\r", "", $response));
+ $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace("\r", "", $response));
 $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
 $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
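Review bot: The `catch(\Exception $e)` in extractResponse discards the factory's exception, so the libxml diagnostic (or the reason the factory refused the input) is lost and only 'Error parsing SAML 1 artifact response.' survives; the SOAP artifact response comes from the remote IdP, which is exactly where an operator needs the cause. Pass it along as the cause, `throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.', 0, $e);`, assuming SimpleSAML_Error_Exception takes a cause as its third constructor argument like the built-in Exception does. Since the point of going through SAML2_DOMDocumentFactory is presumably the hardened parsing it applies to untrusted XML, a one-line comment above the try would stop a later edit from reverting to a bare DOMDocument: `// Always parse remote-supplied XML through SAML2_DOMDocumentFactory (hardened parser); do not replace with new DOMDocument().` The rest of extractResponse lies outside the hunk.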
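Review bot: The new `fromString()` call in HTTPPost is not wrapped, unlike the Artifact.php hunk in this same commit, so a parse failure now escapes as a bare library exception where the old `loadXML()` call silently ignored its return value. As `$response` here appears to be the IdP's own freshly generated response, failing loudly is the right outcome, but a comment would make that deliberate: `// $response is self-generated; a parse failure is a bug, so let the factory exception propagate.` The enclosing method begins and ends outside the hunk, and `getElementsByTagName('Response')->item(0)` on the next line can still yield null if no Response element exists, which the commit does not address.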
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 2e52614f429166e92da2d641128a820069ae92e6..f6b02fab4b7a4271266aef003865cb5c916225d9 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -215,12 +215,11 @@ class SimpleSAML_Metadata_SAMLParser
 */
 public static function parseFile($file)
 {
- $doc = new DOMDocument();
- $data = \SimpleSAML\Utils\HTTP::fetch($file);
- $res = $doc->loadXML($data);
- if ($res !== true) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($data);
+ } catch(\Exception $e) {
 throw new Exception('Failed to read XML from file: '.$file);
 }
@@ -238,10 +237,9 @@ class SimpleSAML_Metadata_SAMLParser
 */
 public static function parseString($metadata)
 {
- $doc = new DOMDocument();
-
- $res = $doc->loadXML($metadata);
- if ($res !== true) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($metadata);
+ } catch(\Exception $e) {
 throw new Exception('Failed to parse XML string.');
 }
@@ -302,11 +300,12 @@ class SimpleSAML_Metadata_SAMLParser
 $data = \SimpleSAML\Utils\HTTP::fetch($file);
- $doc = new DOMDocument();
- $res = $doc->loadXML($data);
- if ($res !== true) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($data);
+ } catch(\Exception $e) {
 throw new Exception('Failed to read XML from file: '.$file);
 }
+
 if ($doc->documentElement === null) {
 throw new Exception('Opened file is not an XML document: '.$file);
 }
@@ -328,10 +327,9 @@ class SimpleSAML_Metadata_SAMLParser
 */
 public static function parseDescriptorsString($string)
 {
- $doc = new DOMDocument();
-
- $res = $doc->loadXML($string);
- if ($res !== true) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($string);
+ } catch(\Exception $e) {
 throw new Exception('Failed to parse XML string.');
 }
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 225050ffde30d7b0a19248e61f47efa54e2c67c8..7ed716703a1b18ea141969413e7e38d33e7135bd 100644
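Review bot: The new `fromString($data)` in parseFile reads `$data`, but the same hunk removes the only assignment to it, `$data = \SimpleSAML\Utils\HTTP::fetch($file);`, so `$data` is undefined (null) at that point and the file is never fetched; every parseFile() call will presumably end in the catch with 'Failed to read XML from file', or raise an undefined-variable notice first, depending on how the factory treats a null argument. The hunk's line counts (`-215,12 +215,11`: four lines removed, three added) confirm the fetch line is gone rather than rendered as context. Keep the fetch before the try, as the `-302` hunk further down in this file does: `$data = \SimpleSAML\Utils\HTTP::fetch($file);`.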
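Review bot: In parseString the caught `$e` is dropped, so when metadata fails to parse the caller only sees 'Failed to parse XML string.' with no way to tell whether libxml rejected the document or the factory refused it (for example for carrying a DOCTYPE, if that is among its checks). Chain the cause so logging can surface it: `throw new Exception('Failed to parse XML string.', 0, $e);`. The same applies to parseDescriptorsString in the last hunk of this file section.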
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -180,8 +180,9 @@ class SimpleSAML_Metadata_Signer
 // convert the metadata to a DOM tree
- $xml = new DOMDocument();
- if (!$xml->loadXML($metadataString)) {
+ try {
+ $xml = SAML2_DOMDocumentFactory::fromString($metadataString);
+ } catch(Exception $e) {
 throw new Exception('Error parsing self-generated metadata.');
 }
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index bd09a319d20095e98b3f21f6d70ca7a2c60fa813..938ce6fd7abe748e55fcf6f769844ae7a6d37d35 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -8,6 +8,8 @@
 namespace SimpleSAML\Utils;
+use Symfony\Component\Config\Definition\Exception\Exception;
+
 class XML
 {
@@ -226,8 +228,9 @@ class XML
 throw new \InvalidArgumentException('Invalid input parameters');
 }
- $doc = new \DOMDocument();
- if (!$doc->loadXML($xml)) {
+ try {
+ $doc = \SAML2_DOMDocumentFactory::fromString($xml);
+ } catch(\Exception $e) {
 throw new \DOMException('Error parsing XML string.');
 }
@@ -399,8 +402,12 @@ class XML
 $dom = $xml;
 $res = true;
 } else {
- $dom = new \DOMDocument;
- $res = $dom->loadXML($xml);
+ try {
+ $dom = \SAML2_DOMDocumentFactory::fromString($xml);
+ $res = true;
+ } catch(Exception $e) {
+ $res = false;
+ }
 }
 if ($res) {
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index d228d811a553c6e601b87706499e1d79e143cee4..dad0a6fcce2b190754c6717dd83f214a00da4a48 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
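Review bot: The `catch(Exception $e)` in the isValid hunk (`-399`) of XML.php resolves, inside `namespace SimpleSAML\Utils`, to the `Symfony\Component\Config\Definition\Exception\Exception` imported by the `-8` hunk — not to `\Exception`. Whatever `\SAML2_DOMDocumentFactory::fromString()` throws is almost certainly not that Symfony class, so a parse failure escapes instead of setting `$res = false`, and validating malformed XML now throws where it used to return false; the `-226` hunk in the same file gets this right with `catch(\Exception $e)`. The import also pulls Symfony Config into a core utility class that otherwise has no use for it. Drop the `use Symfony\Component\Config\Definition\Exception\Exception;` line and write `} catch (\Exception $e) {` in isValid; the function itself starts and ends outside the hunk.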
@@ -56,9 +56,9 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 public function setXML($xml) {
 assert('is_string($xml)');
- $this->dom = new DOMDocument();
- $ok = $this->dom->loadXML(str_replace ("\r", "", $xml));
- if (!$ok) {
+ try {
+ $this->dom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $xml));
+ } catch(\Exception $e) {
 throw new Exception('Unable to parse AuthnResponse XML.');
 }
 }
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index edb15c4bf7b220c1b1fe1fb6173e6030fd557313..8fd9699e8e4e93cd040847fd7c544450274960bd 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -94,8 +94,7 @@ class sspmod_adfs_IdP_ADFS {
 $objXMLSecDSig = new XMLSecurityDSig();
 $objXMLSecDSig->idKeys = array('AssertionID');
 $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
- $responsedom = new DOMDocument();
- $responsedom->loadXML(str_replace ("\r", "", $response));
+ $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
 $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
 $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php
index 330a63fa3a6da38cf332ec7156644b0320309a05..53c3093120f670db04eb7896f331876193b167ed 100644
--- a/modules/adfs/lib/XMLSecurityDSig.php
+++ b/modules/adfs/lib/XMLSecurityDSig.php
@@ -15,7 +15,6 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
 function __construct($metaxml) {
- $sigdoc = new DOMDocument();
 $template = '';
 if (strpos("\n", $metaxml) === FALSE) {
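Review bot: setXML now swallows the factory exception and rethrows a bare 'Unable to parse AuthnResponse XML.', losing the reason the response was rejected — this is the parsing step for an untrusted Shib 1.3 POST from a remote IdP, so the original cause is the one thing an operator debugging a failing partner needs. Chain it: `throw new Exception('Unable to parse AuthnResponse XML.', 0, $e);`. Note also that on failure `$this->dom` is now left untouched, whereas the removed lines assigned a freshly constructed DOMDocument before attempting the load; a comment on the property saying it is only set after a successful parse would document that difference.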
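Review bot: The context line `if (strpos("\n", $metaxml) === FALSE)` kept on the new side of the XMLSecurityDSig constructor hunk has haystack and needle swapped — it searches for the whole metadata string inside a single newline, so the condition is true for any realistic `$metaxml` and the intended "does the metadata contain a newline" test never runs. This predates the commit, but since the constructor is being touched (its body continues in the next hunk) it is worth correcting to `if (strpos($metaxml, "\n") === FALSE) {`. Dropping the up-front `$sigdoc = new DOMDocument();` is fine because the second hunk assigns `$sigdoc` after the if/else.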
@@ -25,7 +24,7 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
 $template = self::template;
 }
- $sigdoc->loadXML($template);
+ $sigdoc = SAML2_DOMDocumentFactory::fromString($template);
 $this->sigNode = $sigdoc->documentElement;
 }
 }
diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php
index 301cb76ac930f9ecf50fb929a7dc28a6c6a4e5c0..84b366ee4000b5f40c308b39607ae5395eb746b8 100644
--- a/modules/cas/lib/Auth/Source/CAS.php
+++ b/modules/cas/lib/Auth/Source/CAS.php
@@ -118,7 +118,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source {
 ));
 $result = \SimpleSAML\Utils\HTTP::fetch($url);
- $dom = DOMDocument::loadXML($result);
+ $dom = SAML2_DOMDocumentFactory::fromString($result);
 $xPath = new DOMXpath($dom);
 $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
 $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index 1151a24c990d36cea1bbc05ee7fd18f16530e836..4e595b27da6c81828a94f9ca74d53e7215d3e99c 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -136,7 +136,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
 }
- $doc = new DOMDocument();
+ $doc = SAML2_DOMDocumentFactory::create();
 $root = $doc->createElement('root');
 $doc->appendChild($root);
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index 91f505e287213d3944b074a6211b14bf716ccc3a..40c0359cb410c5ba37a972fae466d6727103bfc9 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
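Review bot: `SAML2_DOMDocumentFactory::fromString($result)` in the CAS source now throws on any malformed or empty validation response from the CAS server, and the exception leaves the authentication source with a generic library message; the removed `DOMDocument::loadXML()` call returned false and the failure only showed up at `new DOMXpath($dom)`. Wrap the call and rethrow with a CAS-specific message, e.g. `throw new Exception('Failed to parse the CAS service validation response.', 0, $e);`, and keep `$url` out of the message since it carries the service ticket. Rejecting unparsable input before any XPath runs is the right direction for XML fetched from a remote server, so a one-line comment stating that the factory is used deliberately (hardened parsing of remote XML, if that is what it provides) would keep the change from being reverted. The enclosing method begins before the hunk.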
@@ -252,12 +252,14 @@ class sspmod_metarefresh_MetaLoader {
 */
 private function loadXML($data, $source) {
 $entities = array();
- $doc = new DOMDocument();
- $res = $doc->loadXML($data);
- if($res !== TRUE) {
+ try {
+ $doc = SAML2_DOMDocumentFactory::fromString($data);
+ } catch (Exception $e) {
 throw new Exception('Failed to read XML from ' . $source['src']);
 }
- if($doc->documentElement === NULL) throw new Exception('Opened file is not an XML document: ' . $source['src']);
+ if ($doc->documentElement === NULL) {
+ throw new Exception('Opened file is not an XML document: ' . $source['src']);
+ }
 $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement($doc->documentElement);
 return $entities;
 }
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 063be47c1bbb710026e473207e086bcdf8bac844..c3a24c8f15baa85502cddb141ae071dff601854e 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -459,7 +459,7 @@ Here we will list some examples for this authentication source.
 ### Using samlp:Extensions
- $dom = new DOMDocument();
+ $dom = SAML2_DOMDocumentFactory::create();
 $ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!');
 $ext[] = new SAML2_XML_Chunk($ce);
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index 7d911300a03a759f8b4d763e90e1778328eb7be3..e88d1a8d5e9bb6c61bd2ed3a440a7ba60920f12a 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -69,7 +69,7 @@ class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Au
 $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT];
 if ($this->nameId) {
- $doc = new DOMDocument();
+ $doc = SAML2_DOMDocumentFactory::create();
 $root = $doc->createElement('root');
 $doc->appendChild($root);
 SAML2_Utils::addNameId($root, $nameID);
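Review bot: MetaLoader::loadXML drops the caught `$e`, so a metadata feed that stops parsing is reported only as 'Failed to read XML from <src>' in the metarefresh log, with no hint whether the feed returned an HTML error page, an empty body, or XML the factory refuses; the feed is remote, so this is where the cause matters most. Chain it: `throw new Exception('Failed to read XML from ' . $source['src'], 0, $e);`. The `$entities = array();` at the top of the function is now dead — it is unconditionally overwritten by the parseDescriptorsElement() result before being returned — and can go.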
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index c57e5bc4679ac48e0942e9d9172a20c11cf915a7..6aafef4551a198e1f5f83117b471a429991fcde7 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -707,8 +707,7 @@ class sspmod_saml_IdP_SAML2 {
 break;
 case 'raw':
 if (is_string($value)) {
- $doc = new DOMDocument();
- $doc->loadXML('<root>' . $value . '</root>');
+ $doc = SAML2_DOMDocumentFactory::fromString('<root>' . $value . '</root>');
 $value = $doc->firstChild->childNodes;
 }
 assert('$value instanceof DOMNodeList');
diff --git a/www/saml2/idp/ArtifactResolutionService.php b/www/saml2/idp/ArtifactResolutionService.php
index 66355489e6d77051e8538c41e0e38fdcadbab41e..ac7dd241d1668fa58a1898fcec7607aa358d8024 100644
--- a/www/saml2/idp/ArtifactResolutionService.php
+++ b/www/saml2/idp/ArtifactResolutionService.php
@@ -54,8 +54,7 @@ $responseData = $store->get('artifact', $artifact);
 $store->delete('artifact', $artifact);
 if ($responseData !== NULL) {
- $document = new DOMDocument();
- $document->loadXML($responseData);
+ $document = SAML2_DOMDocumentFactory::fromString($responseData);
 $responseXML = $document->firstChild;
 } else {
 $responseXML = NULL;
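Review bot: In the `'raw'` branch the attribute value is spliced unescaped into `'<root>' . $value . '</root>'`, and `fromString()` now throws on anything that is not well-formed, whereas the removed `loadXML()` call presumably only warned and left `$doc->firstChild` null for the next line to trip over. Failing is correct for markup that is supposed to be trusted, but the exception escapes with no mention of which attribute was bad; if the attribute name is in scope in the enclosing loop (outside the hunk), catch and rethrow with it, otherwise add `// 'raw' values are inserted as XML markup, not text; they must be well-formed and trusted — fromString() throws otherwise.` above the call. If the factory rejects DOCTYPE and entity declarations, that also closes off a value that tried to smuggle an entity definition through this concatenation, which is worth stating in the same comment. The switch and its enclosing function continue outside the hunk.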