From dfd9966005ea23ce903241ded3e1335fffb1722b Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 7 Oct 2009 09:11:48 +0000
Subject: [PATCH] SimpleSAML_Session: Update isValid() to require a authority
 string.

This patch updates the isValid function to require a valid authority.
All users of isValid in the simpleSAMLphp source pass the authority
parameter. If anyone uses isValid() without a valid authority they
must update their source code.

This change is made to make it more difficult to use simpleSAMLphp in
an insecure way.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1826 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Session.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index cc06defe9..bb70f4744 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -482,16 +482,25 @@ class SimpleSAML_Session {
 	/*
 	 * Is the session representing an authenticated user, and is the session still alive.
 	 * This function will return false after the user has timed out.
+	 *
+	 * @param string $authority  The authentication source that the user should be authenticated with.
+	 * @return TRUE if the user has a valid session, FALSE if not.
 	 */
-	public function isValid($authority = null) {
+	public function isValid($authority) {
+		assert('is_string($authority)');
+
 		SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' .
-			' checkauthority:' . (isset($authority) ? $authority : 'null') . 
+			' checkauthority:' . $authority .
 			' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') .
 			' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') . 
 			' remainingtime:' . $this->remainingTime());
 			
 		if (!$this->isAuthenticated()) return false;
-		if (!empty($authority) && ($authority != $this->authority) ) return false;
+
+		if ($authority !== $this->authority) {
+			return FALSE;
+		}
+
 		return $this->remainingTime() > 0;
 	}
 	
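Review bot: The new requirement that `$authority` be a string is enforced only by `assert('is_string($authority)')`, and assertions can be switched off in PHP configuration, so on such a deployment a non-string value reaches the `!==` comparison unchecked. The debug line just above guards `$this->authority` with `isset()`, which suggests it can be unset. If a caller passed null while the session's authority was also null, the strict comparison would not reject the call, so it should be confirmed whether that state can coexist with `isAuthenticated()` returning true. A guard that fails closed regardless of configuration would be `if (!is_string($authority)) { return FALSE; }` placed before the comparison. Separately, the doc comment opens with `/*` rather than `/**`, so the added `@param`/`@return` tags may not be picked up by documentation tools.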
-- 
GitLab