This filter can create an attribute from the NameID we receive in
the authentication response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2548 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2547 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2542 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2535 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2532 44740490-163a-0410-bde0-09ae8108e29a

r2509 introduces a couple of errors, which caused certFingerprint
validation to fail. This commit fixes those errors.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2528 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2527 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2518 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2516 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2510 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2509 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2505 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2503 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2500 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2499 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2486 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2484 44740490-163a-0410-bde0-09ae8108e29a

Also remove those instances of the $session variable that became unused.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2479 44740490-163a-0410-bde0-09ae8108e29a

Since this is only used to show an exception with an invalid error
code, we may as well just handle the error in the default error
handler.

We also remove the unused $session variable.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2476 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2472 44740490-163a-0410-bde0-09ae8108e29a

SimpleSAML_Session::getInstance() never returns NULL, so don't
test for it. Also removes an error message from the dictionary.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2464 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2460 44740490-163a-0410-bde0-09ae8108e29a

If someone is able to perform a session fixation attack on the
openidProvider host, he can then make users execute scripts in that
domain.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2445 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited by a malicious openid provider to execute scripts
on the host using openid.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a

Failure to escape the user id can be exploited by a malicious IdP
to run scripts in the domain of the oauth host. There is also a
failure to escape data in from the OAuth registry.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2443 44740490-163a-0410-bde0-09ae8108e29a

metaedit fails to validate the userid. If a malicious user is able to
make another user log in as that user id, he will be able to run scripts
in the domain of the site.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2442 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2441 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2440 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2439 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2438 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2437 44740490-163a-0410-bde0-09ae8108e29a

Fixes a potential cross-site scripting vulnerability on the error page.
Fortuitously, a different bug prevents us from ever reaching this page,
so this bug cannot be exploited.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2436 44740490-163a-0410-bde0-09ae8108e29a

If the InfoCard module is enabled, it can be used to perform cross-site
scripting attacks on the site where it is installed.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2435 44740490-163a-0410-bde0-09ae8108e29a

Two possibilities:
- Users attributes from an untrusted source.
- Metadata from an untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2433 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2431 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2428 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2427 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2422 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2421 44740490-163a-0410-bde0-09ae8108e29a

Patch by Patrick Honing from issue 322.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2414 44740490-163a-0410-bde0-09ae8108e29a