- Jun 07, 2016
-
-
Jaime Perez Crespo authored
Be graceful with the 'baseurlpath' configuration option. We should not fail when the trailing slash is missing, just add it.
-
- Jun 06, 2016
-
-
Jaime Perez Crespo authored
Fix another issue with URLs not being validated before displaying them into a page. Reported by John Page (hyp3rlinx).
-
Jaime Perez Crespo authored
-
- Jun 03, 2016
-
-
Jaime Perez Crespo authored
Fix an issue with some PHP environments (mostly related to FastCGI or php-fpm, common with nginx) where $_SERVER['SCRIPT_NAME'] is already populated with $_SERVER['PATH_INFO'] appended to it. In those cases, we should not blindly append PATH_INFO to SCRIPT_NAME, but check the latter first. This hopefully resolves #5 and closes #391.
-
- Jun 02, 2016
-
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
Use LONGTEXT instead of the TEXT data type in MySQL to avoid size constraints in the latter. This resolves #399.
-
Jaime Perez Crespo authored
If we have an exception registered in the state array while authenticating, we should throw that exception instead of just printing it as plain text and exit. This resolves #401.
-
Jaime Pérez Crespo authored
Allow regular expression matching of trusted.url.domains.
-
Jon Dufresne authored
Fixes #379
-
- Jun 01, 2016
-
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
Verify that the URL passed as a parameter in the no cookie error page is allowed. Reported by John Page (hyp3rlinx).
-
- May 20, 2016
-
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
Fix an issue with the SimpleSAML\Logger class that was still trying to fetch the track ID from the session when running from the command line, where there's obviously no session at all.
-
- May 18, 2016
-
-
Jaime Pérez Crespo authored
General improvements of MemcacheMonitor module
-
- May 15, 2016
-
-
Jon Dufresne authored
Sometimes appear in error logs as: PHP Notice: Undefined index: ReturnTo in .../modules/core/www/as_login.php on line 9 PHP Notice: Undefined index: AuthId in .../modules/core/www/as_login.php on line 13
-
- May 11, 2016
-
-
Ryan McAllen authored
-
- May 10, 2016
-
-
Tim van Dijen authored
Added missing definitions
-
Tim van Dijen authored
Fix missing type attribute to comply with W3c XHTML 1.0 Transitional
-
- Apr 21, 2016
-
-
Jaime Perez Crespo authored
In the LDAP class, the password should only be escaped if it's not null, so that we don't try to bind with an empty password if none was provided. This fixes #366 and closes #370.
-
- Apr 20, 2016
-
-
Jaime Perez Crespo authored
The data store can be a custom class in a module. When we cannot load a class matching the 'store.type' configuration option we don't handle the exception, causing a fatal error. Use the new CriticalConfigurationError to fix that. This fixes #369.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
Start using the new configuration exceptions, handling error situations that before led to blank pages or even worse.
-
- Apr 19, 2016
-
-
Jaime Perez Crespo authored
Add a couple new exceptions, both to signal configuration issues. One can be used to signal an error in a certain configuration, leaving to the user deciding whether it was critical or not, and what to do to deal with it. The other one indicates a configuration exception that we cannot recover from (i.e. missing files), and bootstraps a minimal configuration skeleton that we can use to go on momentarily.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
If $_SERVER does not contain the variables we need (i.e. when running tests) it makes no sense at all to try to guess the root URI, since there's no such a thing, probably.
-
- Apr 18, 2016
-
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
-
- Apr 15, 2016
-
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
Modify the core:AttributeMap authentication processing filter to allow fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
-
- Apr 13, 2016
-
-
Jaime Perez Crespo authored
Fix build. It was broken due to a chicken & egg problem, with SimpleSAML_Configuration raising creating a new SimpleSAML_Error_Exception that tries to load the configuration.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
If we are asked to load an unknown auth source, we should raise a SimpleSAML_Error_AuthSource exception.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
When exceptions happen in the context of a SAML transaction, we don't need to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
-
Jaime Perez Crespo authored
- Exception messages and backtraces are now decoupled, so that they can be logged independently. - Backtraces are now logged with "debug" log level, and only in case the "debug" configuration option is set. - A new log() method allows the exception itself to decide which log level to use. This can be used by exceptions overriding this method to change the log level accordingly. - Add a new parameter to the format() method so that the formatted message is anonymized, safe for display in the browser. Additionally, this resolves #281.
-
Jaime Perez Crespo authored
Add a proper message to the SimpleSAML_Error_NotFound exception, instead of printing its parameters.
-