The module.php file is the way we allow modules to have their own pages. All those are executed and presented to the user via this script. However, if an exception is thrown by a module, that exception will be captured directly by the module.php script. This prevents us from adding more logic to exception handling, adds code duplication, and makes the exception handling non-uniform, since we could end up handling the same exception differently depending on whether it was thrown by a module or by a regular page.

Now we no longer intercept exceptions in module.php, allowing the exception handler to kick in. That way exceptions are always handled uniformly, and we can also implement additional logic that we may want (i.e. adding a hook to the exception handler so that modules could handle exceptions the way they want).

Now that we are using realpath() to try to obtain the URL relative to the base URL path of SSP, we need to use real scripts or realpath() will return an empty string.

Recent commits have introduced a new way to obtain the self URL, honouring whatever is specified in 'baseurlpath'. However, this new code breaks when accessing SimpleSAMLphp through a path containing symbolic links in the file system, since the base directory refers always to the real path while the $_SERVER contents reflect what the web server sees (symlinks included). We use realpath() to convert a path with symlinks to a canonical path that we can compare.

PHP 5.3 does not allow the use of $this inside closures. This is a temporary fix for compatibility with 5.3, while we are still supporting it. We will drop this when updating the minimum requirements to PHP 5.4.

docs: make it work with Apache 2.4

* Add an extra apache access control directive
  to make it work with newer Apaches
  Source: http://stackoverflow.com/questions/23337446/getting-a-403-forbidden-error-for-simplesaml-after-apache-upgrade

docs: Recommend the usual commit message rules

It is much easier to review commits (e.g. with `tig`) if they have a
short subject line – e.g. a sysadmin might want to quickly skip all the
"docs: Foo" and "tests: Bar" commits and focus on the important parts.

Remove config templates that are no longer used. They are creating confusion and serve no purpose after all.

Based on patch by Nishanth Aravamudan <nish.aravamudan@canonical.com>

Fix the tests to handle the new, more permissive behaviour of SimpleSAML_Configuration::getBaseURL(), and add tests for getBasePath() too.

Make sure the new SimpleSAML_Configuration::getBasePath() complies with its phpdoc, returning always at least a slash. Fix also the regex that's supposed to catch paths, as it still wants them to end with a slash.

Add a new SimpleSAML_Configuration::getBasePath() method as described in #364, deprecate getBaseURL() and make sure it generates a warning (and only one) when used.

Change the extension of the documentation files from .txt to .md so that they can processed as markdown and displayed in github.

Update the documentation regarding translation (remove all references to the translation portal, reformat and fix typos).

Update the documentation. Trailing slashes are no longer required for 'baseurlpath'. This resolves #363.

Fix build. There was a bug in SimpleSAML\Utils\HTTP::parseQueryString() that was producing an empty parameter with an empty value when the query string was empty.

Change the implementation of SimpleSAML\Utils\HTTP::getSelfURL() and getSelfURLNoQuery() to honor the 'baseurlpath' configuration option instead of simply using the environment. They were actually broken since they were using it to build the scheme, host and port, but completely ignoring the path, rendering wrong URLs in between what was configured in 'baseurlpath' and the real information in the environment. This resolves #396, but also affects #5. The changes to getSelfURLNoQuery() in #391 are unnecessary now, since we now basically getting the full URL and remove the query afterwards.

Be graceful with the 'baseurlpath' configuration option. We should not fail when the trailing slash is missing, just add it.

Fix another issue with URLs not being validated before displaying them into a page. Reported by John Page (hyp3rlinx).

Fix an issue with some PHP environments (mostly related to FastCGI or php-fpm, common with nginx) where $_SERVER['SCRIPT_NAME'] is already populated with $_SERVER['PATH_INFO'] appended to it. In those cases, we should not blindly append PATH_INFO to SCRIPT_NAME, but check the latter first. This hopefully resolves #5 and closes #391.

Use LONGTEXT instead of the TEXT data type in MySQL to avoid size constraints in the latter. This resolves #399.

If we have an exception registered in the state array while authenticating, we should throw that exception instead of just printing it as plain text and exit. This resolves #401.