Commit 450e81e5 authored by haemmer's avatar haemmer

Implemented #3324

Increased year in copyright
parent 4fccde72
<?php // Copyright (c) 2014, SWITCH
<?php // Copyright (c) 2015, SWITCH
/*
******************************************************************************
SWITCHwayf
Version: 1.19.4
Version: 1.20
Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf
******************************************************************************
......@@ -87,7 +87,7 @@ if (isset($_GET['getArguments']) && isset($_GET['origin']) && isset($_GET['redir
if(isValidDSRequest()){
// Check that return URL in DS request is a valid URL
$returnURL = verifyAndStripReturnURL($_GET['return']);
$returnURL = getSanitizedURL($_GET['return']);
if(!$returnURL){
// Show error
$message = sprintf(getLocalString('invalid_return_url'), htmlentities($_GET['return']));
......
......@@ -223,15 +223,15 @@ function checkIDPAndShowErrors($IDP){
/******************************************************************************/
// Validates the URL format and returns the URL without GET arguments and fragment
function verifyAndStripReturnURL($url){
// Validates the URL and returns it if it is valid or false otherwise
function getSanitizedURL($url){
$components = parse_url($url);
if (!$components){
return false;
} else {
if ($components){
return $url;
} else {
return false;
}
}
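Review bot: `getSanitizedURL()` sanitizes nothing: its only check is that `parse_url()` does not return false, and it hands the caller's string back unchanged. `parse_url()` is documented as not validating URLs, so relative paths and non-HTTP schemes such as `javascript:` or `data:` still yield a components array and would pass as a DS return URL. The value comes from `$_GET['return']` and presumably ends up as a redirect target, so I would require an absolute http(s) URL: `if (!$components || !isset($components['scheme'], $components['host']) || !in_array(strtolower($components['scheme']), array('http', 'https'), true)) { return false; }`. The comment should also state that the URL is returned unmodified, since the previous function was documented as stripping GET arguments and the fragment.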
......@@ -587,6 +587,12 @@ function convertIPtoBinaryForm($ip){
return $ipAsBinaryString;
}
/******************************************************************************/
// Returns URL without GET arguments
function getURLWithoutArguments($url){
return preg_replace('/\?.*/', '', $url);
}
/******************************************************************************/
// Returns true if URL could be verified or if no check is necessary, false otherwise
function verifyReturnURL($entityID, $returnURL) {
......@@ -594,31 +600,38 @@ function verifyReturnURL($entityID, $returnURL) {
// If SP has a <idpdisc:DiscoveryResponse>, check return param
if (isset($SProviders[$entityID]['DSURL'])){
return in_array($returnURL, $SProviders[$entityID]['DSURL']);
}
// If fall back check is enabled, check return param
if ($useACURLsForReturnParamCheck){
// Return true if no assertion consumer URL is defined to check against
// Should never happend
if (!isset($SProviders[$entityID]['ACURL'])){
return false;
}
$returnURLHostName = getHostNameFromURI($returnURL);
foreach($SProviders[$entityID]['ACURL'] as $ACURL){
if (getHostNameFromURI($ACURL) == $returnURLHostName){
$returnURLWithoutArguments = getURLWithoutArguments($returnURL);
foreach($SProviders[$entityID]['DSURL'] as $DSURL){
$DSURLWithoutArguments = getURLWithoutArguments($DSURL);
if ($DSURLWithoutArguments == $returnURLWithoutArguments){
return true;
}
}
// We haven't found a matchin assertion consumer url so we return false
// DS URLs did not match the return URL
return false;
}
// SP has no <idpdisc:DiscoveryResponse> and $useACURLsForReturnParamCheck
// is disabled, so we don't check anything
return true;
// Return true if SP has no <idpdisc:DiscoveryResponse>
// and $useACURLsForReturnParamCheck is disabled (we don't check anything)
if (!$useACURLsForReturnParamCheck){
return true;
}
// $useACURLsForReturnParamCheck is enabled, so
// check return param against host name of assertion consumer URLs
// Check hostnames
$returnURLHostName = getHostNameFromURI($returnURL);
foreach($SProviders[$entityID]['ACURL'] as $ACURL){
if (getHostNameFromURI($ACURL) == $returnURLHostName){
return true;
}
}
// We haven't found a matching assertion consumer URL, therefore we return false
return false;
}
/******************************************************************************/
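Review bot: The host-name fallback at the end of `verifyReturnURL()` iterates `$SProviders[$entityID]['ACURL']` without the `isset()` guard that the earlier version appears to have had (the rendered page has lost the +/- markers, so this is read from the ordering). With no ACURL entry the `foreach` raises a PHP warning before falling through to `return false`; putting `if (!isset($SProviders[$entityID]['ACURL'])){ return false; }` ahead of the loop keeps that path quiet and explicit. Both comparisons, `$DSURLWithoutArguments == $returnURLWithoutArguments` and `getHostNameFromURI($ACURL) == $returnURLHostName`, use loose equality. `getHostNameFromURI()` is not visible here, so if it can return false, null or an empty string for an unparsable URL, `==` could treat two failed parses as a match; `===` avoids that. The function's opening lines, including where `$SProviders` and `$useACURLsForReturnParamCheck` come into scope, are outside this hunk.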
......