diff --git a/modules/casserver/www/serviceValidate.php b/modules/casserver/www/serviceValidate.php
index cf4bd0af22c7d00bf416c458369cfb2d32bf1ea4..b0deead91b88fd7f1697eddae071d3f579237aae 100644
--- a/modules/casserver/www/serviceValidate.php
+++ b/modules/casserver/www/serviceValidate.php
@@ -53,9 +53,13 @@ try {
$pgtiouxml = "\n<cas:proxyGrantingTicket>$pgtiou</cas:proxyGrantingTicket>\n";
}
- $proxiesxml = join("\n", array_map(create_function('$a', 'return "<cas:proxy>$a</cas:proxy>";'), $ticketcontent['proxies']));
- if ($proxiesxml) $proxiesxml = "<cas:proxies>\n$proxiesxml\n</cas:proxies>\n";
- returnResponse('YES', $function, $attributes[$usernamefield][0], $dosendattributes ? $attributes : array(), $pgtiouxml.$proxiesxml);
+ $proxiesxml = join("\n", array_map(
+ function($a) { return "<cas:proxy>$a</cas:proxy>"; },
+ $ticketcontent['proxies']));
+ if ($proxiesxml) {
+ $proxiesxml = "<cas:proxies>\n$proxiesxml\n</cas:proxies>\n";
+ }
+ returnResponse('YES', $function, $attributes[$usernamefield][0], $dosendattributes ? $attributes : array(), $pgtiouxml.$proxiesxml);
} else {
returnResponse('NO', $function);
}
diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php
index 48d668c4ee62f99d6d911055cadc3b31ee0a4521..5b7f11711bc8507b2dbc68e55d37eebafbe7ed17 100644
--- a/modules/core/lib/Auth/Process/PHP.php
+++ b/modules/core/lib/Auth/Process/PHP.php
@@ -48,7 +48,7 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
assert(is_array($request));
assert(array_key_exists('Attributes', $request));
- $function = create_function('&$attributes', $this->code);
+ $function = function(&$attributes) { eval($this->code); };
$function($request['Attributes']);
}
}
diff --git a/tests/modules/core/lib/Auth/Process/PHPTest.php b/tests/modules/core/lib/Auth/Process/PHPTest.php
index 0e18e9bcd9f10b052fa934a950369b222c9035e4..f4b0342e36319245d93d2e73d394a341ff0a6712 100644
--- a/tests/modules/core/lib/Auth/Process/PHPTest.php
+++ b/tests/modules/core/lib/Auth/Process/PHPTest.php
@@ -26,12 +26,14 @@ class Test_Core_Auth_Process_PHP extends TestCase
/**
* Test the configuration of the filter.
- *
- * @expectedException SimpleSAML_Error_Exception
*/
public function testInvalidConfiguration()
{
$config = array();
+ $this->setExpectedException(
+ "SimpleSAML_Error_Exception",
+ "core:PHP: missing mandatory configuration option 'code'."
+ );
new sspmod_core_Auth_Process_PHP($config, null);
}
@@ -43,16 +45,71 @@ class Test_Core_Auth_Process_PHP extends TestCase
{
$config = array(
'code' => '
- $attributes["key"] = "value";
+ $attributes["key"] = array("value");
',
);
$request = array('Attributes' => array());
$expected = array(
'Attributes' => array(
- 'key' => 'value',
+ 'key' => array('value'),
+ ),
+ );
+
+ $this->assertEquals($expected, $this->processFilter($config, $request));
+ }
+
+ /**
+ * Check that the incoming attributes are also available after processing
+ */
+ public function testPreserveIncomingAttributes()
+ {
+ $config = array(
+ 'code' => '
+ $attributes["orig2"] = array("value0");
+ ',
+ );
+ $request = array(
+ 'Attributes' => array(
+ 'orig1' => array('value1', 'value2'),
+ 'orig2' => array('value3'),
+ 'orig3' => array('value4')
+ )
+ );
+ $expected = array(
+ 'Attributes' => array(
+ 'orig1' => array('value1', 'value2'),
+ 'orig2' => array('value0'),
+ 'orig3' => array('value4')
),
);
$this->assertEquals($expected, $this->processFilter($config, $request));
}
+
+ /**
+ * Check that throwing an Exception inside the PHP code of the
+ * filter (a documented use case) works.
+ */
+ public function testThrowExceptionFromFilter()
+ {
+ $config = array(
+ 'code' => '
+ if (empty($attributes["uid"])) {
+ throw new Exception("Missing uid attribute.");
+ }
+ $attributes["uid"][0] = strtoupper($attributes["uid"][0]);
+ ',
+ );
+ $request = array(
+ 'Attributes' => array(
+ 'orig1' => array('value1', 'value2'),
+ )
+ );
+
+ $this->setExpectedException(
+ "Exception",
+ "Missing uid attribute."
+ );
+ $this->processFilter($config, $request);
+ }
}