- Dec 29, 2017
Tim van Dijen authored
-
- Dec 14, 2017
Luke Leber authored
Added 'no-store' to the cache-control header to prevent Google Chrome from serving the 302 redirect from disk cache
-
- Dec 05, 2017
Jaime Pérez Crespo authored
The last version of psalm breaks with array_key_exists(), so we use isset() instead.
-
- Nov 14, 2017
Kristof Bajnok authored
Don't bail out if the MDQ cache is broken or the query fails, because later other metadata sources might provide the metadata for the entity.
-
- Oct 25, 2017
Jaime Pérez Crespo authored
-
- Oct 19, 2017
fentie authored
-
- Oct 16, 2017
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
This reverts commit 1218f38a.
-
Jaime Pérez Crespo authored
When we are invoked from an outside application, SimpleSAMLphp cannot use 'baseurlpath' and in that case it tries to guess the current URL. The port was always added, even if the default port was used, leading to possible issues when comparing URLs that should actually be equivalent. This resolves #696.
-
- Oct 10, 2017
Jaime Pérez Crespo authored
In order to fix this, we first sanitize any URL given to SimpleSAML\Utils\HTTP::checkURLAllowed() so that we make sure we have a true URL without spurious characters. Secondly, we stop using an "onload" event in the body of the redirect page to trigger the redirect automatically. Instead, we use a "meta refresh" redirection. This double remediation is because there were two issues here: one, we were printing user input inside a chunk of JavaScript code. The other exploits the fact that the header() function silently breaks when a null character is part of the URL given to a "Location" header. In that case, the HTTP 302 redirection doesn't happen, and then the browser loads the HTML and goes through it, running the injected JavaScript. This fixes #699.
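The two remediations this commit describes, written up as an added example rather than SimpleSAMLphp's own redirect code: a URL is refused outright if it carries a NUL byte or any other control character before it ever reaches header(), and the fallback page that a browser sees when the 302 does not fire embeds the URL only as HTML-escaped attribute and text content in a meta refresh, never inside a script block. The function names and the sample URLs are assumptions constructed for this example.

```php
<?php
// Added example, not SimpleSAMLphp's own redirect code. It applies the two
// remediations described in the commit above from the defender's side.

function sanitizeRedirectURL($url)
{
    // A URL consists of printable ASCII only. NUL, CR, LF, other control
    // bytes or raw 8-bit bytes mean the value was never a valid URL, and a
    // NUL in particular is what made header() drop the Location header.
    if (!is_string($url) || preg_match('/[^\x21-\x7e]/', $url)) {
        throw new InvalidArgumentException('URL contains illegal characters');
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('URL must be absolute');
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        throw new InvalidArgumentException('unsupported URL scheme');
    }
    return $url;
}

// Build the HTML shown if the browser ignores the 302. The URL appears only
// as an escaped attribute value and text node, never inside <script>.
function redirectPage($url)
{
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return "<!DOCTYPE html>\n<html><head>\n"
        . "<meta http-equiv=\"refresh\" content=\"0;URL='" . $safe . "'\">\n"
        . "<title>Redirect</title></head>\n"
        . "<body><p>You are being redirected to <a href=\"" . $safe . "\">"
        . $safe . "</a></p></body></html>\n";
}

function redirect($url)
{
    $url = sanitizeRedirectURL($url);
    if (!headers_sent()) {
        header('Location: ' . $url, true, 302);
        // 'no-store' keeps browsers from replaying the 302 from disk cache
        // (the Dec 14, 2017 commit above).
        header('Cache-Control: no-cache, no-store, must-revalidate');
    }
    echo redirectPage($url);
}

// Constructed inputs: a clean URL and one carrying a NUL byte followed by
// text that must never reach the page unescaped.
$good = 'https://sp.example.org/acs?id=42';
$bad  = "https://sp.example.org/acs\0injected";

echo redirectPage(sanitizeRedirectURL($good));
try {
    sanitizeRedirectURL($bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Rejecting rather than stripping the offending bytes is deliberate: a URL that needed cleaning was not produced by a trusted caller, and silently repairing it would leave the same input flowing into the Location header and the page body.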
-
- Sep 07, 2017
Jaime Pérez Crespo authored
Fix build as a side effect. When vimeo/psalm tries to resolve dependencies, it now fails with this.
-
Jaime Pérez Crespo authored
This method allows us to parse a URL and "rebase" it based on the $config['application']['baseURL'] configuration option. Thanks to this, applications will be able to configure a canonical base URL for the application, effectively translating any URL that might be built incorrectly (e.g. not using HTTPS because that is offloaded to a reverse proxy).
-
- Sep 01, 2017
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
Also make the default namespace parameter mandatory, so that the function is not ADFS-specific.
-
Tim van Dijen authored
-
- Jul 20, 2017
Scato Eggen authored
When opcache.validate_timestamps is disabled, the new metadata will not be read after a metarefresh. This can be solved by adding the metadata file to an opcache blacklist, but calling opcache_invalidate() after writing a file is a nice out-of-the-box solution. Hopefully, this will enable everybody who is using SimpleSAMLphp to disable opcache.validate_timestamps without running into problems.
-
- Jul 05, 2017
Patrick Radtke authored
A PHPUnit listener unsets SSP environmental variables and attempts to restore globals.
-
- May 05, 2017
Matt Schwager authored
This also required adding an additional argument to SimpleSAML\Utils\Crypto::loadPrivateKey to ease testing. Without this additional argument, SimpleSAML_Configuration::getBaseDir eventually gets called to determine the private key location. This doesn't work well with vfsStream. This argument shouldn't cause too much trouble, and seems cohesive enough with the function's purpose.
-
Jaime Pérez Crespo authored
The reason was the lack of conversion to integer for each character of the strings before applying the XOR operator to them. The operator always returns an empty string when applied to two characters, and applying a binary-wise OR between 0 and an empty string yields 0. Therefore, $diff is always 0, and the function returns true for every two strings with the same length, regardless of their contents.
-
- Apr 26, 2017
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
This reverts commit b1b0d0ef.
-
Jaime Pérez Crespo authored
This reverts commit c441f9c9.
-
Jaime Pérez Crespo authored
It looks like mb_substr() doesn’t cope well with NULL as the third parameter in PHP 5.3.
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
Jaime Pérez Crespo authored
-
- Mar 30, 2017
Jaime Pérez Crespo authored
IVs must be random and one-time (never reused). Additionally, by deriving it from the key, the key length was effectively reduced to 128 bits.
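An added example, not SimpleSAMLphp's own aesEncrypt()/aesDecrypt(), contrasting the two IV strategies this commit is about. The weak variant takes the IV from the key, so the IV that is sent in the clear in front of the ciphertext publishes 16 of the 32 key bytes (the "reduced to 128 bits" effect) and the same plaintext always yields the same ciphertext under a given key. The corrected variant draws a fresh IV from the CSPRNG on every call and adds an HMAC so a modified ciphertext is rejected before decryption. The function names, the key-splitting scheme and the sample key and message are assumptions constructed for this example; the cipher is AES-256-CBC via the openssl extension, and random_bytes() needs PHP 7.

```php
<?php
// Added example, not SimpleSAMLphp's own Crypto code: IV derived from the key
// versus a fresh random IV per message, with encrypt-then-MAC.

const EXAMPLE_CIPHER = 'aes-256-cbc';

// Weak: the IV is a slice of the key. The IV travels in the clear, so this
// reveals half of a 32-byte key and makes encryption deterministic.
function weakEncrypt($plaintext, $key)
{
    $iv = substr($key, 0, openssl_cipher_iv_length(EXAMPLE_CIPHER));
    $ct = openssl_encrypt($plaintext, EXAMPLE_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    return $iv . $ct;
}

// Split one master key into independent encryption and MAC keys.
function deriveKeys($key)
{
    return array(
        hash_hmac('sha256', 'enc', $key, true),
        hash_hmac('sha256', 'mac', $key, true),
    );
}

function encrypt($plaintext, $key)
{
    list($encKey, $macKey) = deriveKeys($key);
    // Fresh, unpredictable IV for every message; never reused, never derived.
    $iv = random_bytes(openssl_cipher_iv_length(EXAMPLE_CIPHER));
    $ct = openssl_encrypt($plaintext, EXAMPLE_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true); // MAC over IV and ciphertext
    return $iv . $ct . $tag;
}

function decrypt($blob, $key)
{
    list($encKey, $macKey) = deriveKeys($key);
    $ivLen = openssl_cipher_iv_length(EXAMPLE_CIPHER);
    // At least one cipher block plus the 32-byte tag must follow the IV.
    if (strlen($blob) < $ivLen + 16 + 32) {
        throw new RuntimeException('ciphertext too short');
    }
    $iv  = substr($blob, 0, $ivLen);
    $tag = substr($blob, -32);
    $ct  = substr($blob, $ivLen, -32);
    // Verify the tag in constant time before the ciphertext is touched.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, EXAMPLE_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed 256-bit key and a message encrypted twice with each variant.
$key = random_bytes(32);
$msg = 'constructed sample plaintext';

var_dump(weakEncrypt($msg, $key) === weakEncrypt($msg, $key)); // deterministic
var_dump(encrypt($msg, $key) === encrypt($msg, $key));         // randomised
var_dump(decrypt(encrypt($msg, $key), $key) === $msg);         // round trip
```

Two repeated encryptions of the same message under the same key are identical in the weak variant and differ in the corrected one, which is exactly the observable difference an attacker can exploit when an IV is reused.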
-
Jaime Pérez Crespo authored
It actually needs a DOMNode, so it has been renamed to isDOMNodeOfType(). Additionally, some superfluous asserts() have been removed, and SimpleSAML\Utils\XML::getDOMChildren() has also changed its signature, as it should also receive a DOMNode, not a DOMElement.
-
Jaime Pérez Crespo authored
-
- Mar 27, 2017
Sergio Gomez authored
-
- Mar 17, 2017
Jaime Pérez Crespo authored
Use it when constant-time comparisons are needed to avoid side-channel attacks.
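An added example (not SimpleSAMLphp's own SimpleSAML\Utils\Crypto code) serving both this commit and the May 05, 2017 fix above: the defective loop that XORs two one-character strings without converting them to integers, next to the corrected constant-time comparison. The function names and the sample strings are assumptions constructed for this example.

```php
<?php
// Added example, not SimpleSAMLphp's own code. Reproduces the defect described
// in the May 05, 2017 commit and shows the corrected constant-time comparison.

/**
 * The defective pattern. In PHP, '^' on two one-character strings is a
 * bytewise XOR that yields a *string* ("a" ^ "b" is "\x03"). OR-ing the int
 * $diff with that string converts the string to int first, and a non-numeric
 * string converts to 0, so $diff stays 0 whatever the contents. PHP 7 does
 * this silently (with a warning from 7.1 on); PHP 8 throws a TypeError, so
 * the function is only invoked on older interpreters below.
 */
function brokenSecureCompare($known, $user)
{
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($known); $i++) {
        $diff |= $known[$i] ^ $user[$i]; // string OR'd into an int: always 0
    }
    return $diff === 0;
}

/**
 * Corrected: convert each byte to an int with ord() before XOR, so $diff
 * accumulates every differing bit. The loop does the same work regardless of
 * where the first difference is; only the length is allowed to leak.
 */
function secureCompare($known, $user)
{
    if (function_exists('hash_equals')) {
        // PHP >= 5.6 ships a native constant-time comparison; prefer it.
        return hash_equals($known, $user);
    }
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($known); $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed inputs: equal length, different contents.
$a = 'correct-horse';
$b = 'battery-stapl';
if (PHP_MAJOR_VERSION < 8) {
    var_dump(brokenSecureCompare($a, $b)); // the defect: reports them equal
}
var_dump(secureCompare($a, $b));
var_dump(secureCompare($a, 'correct-horse'));
```

The early return on a length mismatch is the usual trade-off: it leaks the length of the secret but not its contents, which is the same behaviour hash_equals() has.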
-
- Feb 22, 2017
Jaime Pérez Crespo authored
To put it differently, to avoid OSX machines being identified as windows boxes, “darwin” should be evaluated *before* “win”.
-
- Jan 20, 2017
Tyler Antonio authored
-
- Jan 19, 2017
dev authored
-
- Jan 16, 2017
Jaime Pérez Crespo authored
If a standard port is specified, then ignore it. Otherwise, include the port in the check so that non-standard ports must be whitelisted explicitly.
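An added example, not SimpleSAMLphp's SimpleSAML\Utils\HTTP::checkURLAllowed(), covering both this commit and the Oct 16, 2017 fix above about default ports being appended to guessed URLs: the scheme, host and port of a URL are normalised so that a default port never takes part in the comparison, while a non-standard port has to appear in the allow-list explicitly. The function names, the allow-list and the candidate URLs are assumptions constructed for this example.

```php
<?php
// Added example, not SimpleSAMLphp's own checkURLAllowed(). Normalises the
// origin of a URL so that default ports are ignored and non-default ports
// must be whitelisted explicitly.

function normalizeOrigin($url)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative or unparsable: nothing to compare against
    }
    $defaults = array('http' => 80, 'https' => 443);
    $scheme = strtolower($parts['scheme']);
    if (!isset($defaults[$scheme])) {
        return null; // only web origins are meaningful for a redirect allow-list
    }
    $origin = $scheme . '://' . strtolower($parts['host']);
    if (isset($parts['port']) && (int) $parts['port'] !== $defaults[$scheme]) {
        $origin .= ':' . (int) $parts['port']; // keep only non-default ports
    }
    return $origin;
}

function isAllowedOrigin($url, array $allowed)
{
    $target = normalizeOrigin($url);
    if ($target === null) {
        return false;
    }
    foreach ($allowed as $entry) {
        // Both sides go through the same normalisation, so an allow-list
        // entry written with or without ':443' matches the same URLs.
        if (normalizeOrigin($entry) === $target) {
            return true;
        }
    }
    return false;
}

// Constructed allow-list and candidate redirect targets.
$allowed = array('https://sp.example.org', 'https://legacy.example.org:8443/');

var_dump(isAllowedOrigin('https://sp.example.org:443/acs', $allowed));     // default port, allowed
var_dump(isAllowedOrigin('https://sp.example.org:8443/acs', $allowed));    // non-default, not listed
var_dump(isAllowedOrigin('https://legacy.example.org:8443/x', $allowed));  // explicitly listed
var_dump(isAllowedOrigin('http://sp.example.org/', $allowed));             // scheme mismatch
var_dump(isAllowedOrigin('/relative/path', $allowed));                     // not an origin
```

Normalising both the candidate and every allow-list entry is what makes "https://sp.example.org" and "https://sp.example.org:443" equivalent, which is the comparison problem the Oct 16, 2017 commit fixed for URLs guessed without 'baseurlpath'.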
-
- Jan 10, 2017
Jaime Pérez authored
This resolves #476.
-