git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2490 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2489 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2488 44740490-163a-0410-bde0-09ae8108e29a

Since this function is only used in SimpleSAML_Error_Exception and a
subclass, move it here.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2487 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2486 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2485 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2484 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2483 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2482 44740490-163a-0410-bde0-09ae8108e29a

- Split out saveError(), for reuse by NoState error.
- Change to use internal logging functions and backtrace generation.
- Move fatalError() code into show().

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2481 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2480 44740490-163a-0410-bde0-09ae8108e29a

Also remove those instances of the $session variable that became unused.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2479 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2478 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2477 44740490-163a-0410-bde0-09ae8108e29a

Since this is only used to show an exception with an invalid error
code, we may as well just handle the error in the default error
handler.

We also remove the unused $session variable.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2476 44740490-163a-0410-bde0-09ae8108e29a

This commit introduces a new idpMetadata parameter to SoapClient::send,
which is used to check peer certificate. If this parameter is present,
but no certData is set, an Exception will be raised.

Thanks to Adam Lantos for providing this patch.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2475 44740490-163a-0410-bde0-09ae8108e29a

When faced with two certificates, one marked as use="signing", while
the other was use="encryption", we chose the first one (even though
it may not have supported signature verification.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2474 44740490-163a-0410-bde0-09ae8108e29a

To allow for subclassing, make the private properties protected instead.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2473 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2472 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2471 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2470 44740490-163a-0410-bde0-09ae8108e29a

The exception handler calls fatalError with an invalid error code. We
may as well rely on the unknown exception handler in that case.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2469 44740490-163a-0410-bde0-09ae8108e29a

- No need to catch exceptions here, since _include.php installs a
  default exception handler.
- The $config and $session variables are unused.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2468 44740490-163a-0410-bde0-09ae8108e29a

This template was used by the memcache status page, but this is no
longer the case after r1319.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2467 44740490-163a-0410-bde0-09ae8108e29a

www/auth/login-feide.php was removed in r2406, but I forgot to remove
the template. This commit fixes that.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2466 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2465 44740490-163a-0410-bde0-09ae8108e29a

SimpleSAML_Session::getInstance() never returns NULL, so don't
test for it. Also removes an error message from the dictionary.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2464 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2463 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2462 44740490-163a-0410-bde0-09ae8108e29a

This function did not properly validate signatures containing multiple
certificates (as is typical for metadata with certificate chains. The
fix is to ignore exceptions during validation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2461 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2460 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2446 44740490-163a-0410-bde0-09ae8108e29a

If someone is able to perform a session fixation attack on the
openidProvider host, he can then make users execute scripts in that
domain.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2445 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited by a malicious openid provider to execute scripts
on the host using openid.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a

Failure to escape the user id can be exploited by a malicious IdP
to run scripts in the domain of the oauth host. There is also a
failure to escape data in from the OAuth registry.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2443 44740490-163a-0410-bde0-09ae8108e29a

metaedit fails to validate the userid. If a malicious user is able to
make another user log in as that user id, he will be able to run scripts
in the domain of the site.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2442 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2441 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2440 44740490-163a-0410-bde0-09ae8108e29a

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2439 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2438 44740490-163a-0410-bde0-09ae8108e29a